Guided Insights
To fortify security operations, your organization should possess the capability to prioritize actions grounded in a comprehensive understanding of enterprise risk and real-time service health. Leveraging integrated threat intelligence and staying ahead of current threats means that you can detect and investigate in a holistic manner, optimizing time and resource so your teams can focus on high-risk events and critical business services.
Use the guidance in the following topics to help you better work with guided insights:
- Threat Intelligence Enrichment helps you to use curated threat intelligence information for correlation and automation in detection and response.
- Leverage Cybersecurity Frameworks helps you to use a reliable, systematic way to mitigate cyber risk, no matter how complex your environment might be.
- Risk-Based Alerting (RBA) helps you to implement RBA strategies that guide analyst efforts where they’re needed most.
- Anomaly Detection helps you to detect and uncover anomalous behaviors and activities that could suggest a hidden, malicious threat is present in your environment.
- Threat Hunting helps you to reduce the time from intrusion to discovery, limiting the amount of damage that can be done by attackers.
| Use Case Explorer for Security | |||
|---|---|---|---|
|
|
|||
 |
 |
 |
|
Visualization and Reporting |
|||
Explore guided insights
- Threat intelligence enrichment
- Make quick, data-driven, real-time security decisions and take preemptive action before an attack actually crosses the threshold of your organization.
- Leverage cyber frameworks
- Cybersecurity frameworks are designed to give security managers a reliable, systematic way to mitigate cyber risk, no matter how complex the environment might be.
- Risk-based alerting
- Pivot resources from traditionally reactive functions to proactive functions in your SOC to improve alert fidelity, true positive rates, and team satisfaction.
- Anomaly detection
- Analyze behavior on your network, using machine learning to find anomalies in behavior that can notify your team of potential threats in near real-time.
- Detecting cloud federated credential abuse in AWS
- Detecting cloud federated credential abuse in Windows
- Detecting consumer bank account takeovers
- Detecting data exfiltration activities
- Detecting insider threats
- Detecting privilege escalation in your AWS environment
- Detecting suspicious activities within AWS cloud instances
- Detecting unusual GCP service account usage
- Detecting Windows BITS abuse
- Protecting Operational Technology (OT) environments
- Threat hunting
- Search for malicious activity within your organization’s IT infrastructure, provide insights for further investigation and build a feedback loop to improve existing controls.
- Detecting AWS network ACL activity
- Detecting AWS security hub alerts
- Detecting AWS suspicious provisioning activities
- Detecting BlackMatter ransomware
- Detecting Clop ransomware
- Detecting DarkSide ransomware
- Detecting domain trust discovery attempts
- Detecting FIN7 attacks
- Detecting IcedID attacks
- Detecting indicators of Remcos RAT malware
- Detecting Log4j remote code execution
- Detecting malicious file obfuscation using certutil.exe
- Detecting masquerading
- Detecting Netsh attacks
- Detecting Office 365 attacks
- Detecting print spooler attacks
- Detecting ransomware activities within AWS environments
- Detecting REvil ransomware infections
- Detecting the disabling of security tools
- Detecting usage of popular Linux post-exploitation tools
- Detecting WhisperGate malware
- Detecting Windows file extension abuse
- Detecting XMRig CPU or GPU mining
- Detecting Zerologon attacks
- Generating investigation lists for a virus infection
- Investigating Gsuite phishing attacks
- Monitoring AWS S3 for suspicious activities
- Monitoring command line interface actions
- Monitoring for signs of a Windows privilege escalation attack
- Monitoring user activity spikes in AWS
- Prescriptive Adoption Motion - Threat hunting