Guided Insights
To fortify security operations, your organization should be able to prioritize actions grounded in a comprehensive understanding of enterprise risk and real-time service health. Leveraging integrated threat intelligence and staying ahead of current threats means that you can detect and investigate in a holistic manner, optimizing time and resources so your teams can focus on high-risk events and critical business services.
Use the guidance in the following topics to help you better work with guided insights:
- Threat Intelligence Enrichment helps you to use curated threat intelligence information for correlation and automation in detection and response.
- Leverage Cybersecurity Frameworks helps you to use a reliable, systematic way to mitigate cyber risk, no matter how complex your environment might be.
- Risk-Based Alerting (RBA) helps you to implement RBA strategies that guide analyst efforts where they’re needed most.
- Anomaly Detection helps you to detect and uncover anomalous behaviors and activities that could suggest a hidden, malicious threat is present in your environment.
- Threat Hunting helps you to reduce the time from intrusion to discovery, limiting the amount of damage that can be done by attackers.
Explore guided insights
- Threat intelligence enrichment
  - Make quick, data-driven, real-time security decisions and take preemptive action before an attack actually crosses the threshold of your organization.
- Leverage cyber frameworks
  - Cybersecurity frameworks are designed to give security managers a reliable, systematic way to mitigate cyber risk, no matter how complex the environment might be.
- Risk-based alerting (RBA)
  - Pivot resources from traditionally reactive functions to proactive functions in your SOC to improve alert fidelity, true positive rates, and team satisfaction.
- Anomaly detection
  - Analyze behavior on your network, using machine learning to find anomalies in behavior that can notify your team of potential threats in near real-time.
  - Detecting cloud federated credential abuse in AWS
  - Detecting cloud federated credential abuse in Windows
  - Detecting consumer bank account takeovers
  - Detecting data exfiltration activities
  - Detecting privilege escalation in your AWS environment
  - Detecting suspicious activities within AWS cloud instances
  - Detecting Windows BITS abuse
  - Finding Windows audit log tampering
  - Protecting Operational Technology (OT) environments
- Threat hunting
  - Search for malicious activity within your organization’s IT infrastructure, provide insights for further investigation, and build a feedback loop to improve existing controls.
  - Checking for files created on a system
  - Detecting AWS network ACL activity
  - Detecting AWS security hub alerts
  - Detecting AWS suspicious provisioning activities
  - Detecting a ransomware attack
  - Detecting BlackMatter ransomware
  - Detecting brute force access behavior
  - Detecting changes to Windows user group
  - Detecting Clop ransomware
  - Detecting DarkSide ransomware
  - Detecting domain trust discovery attempts
  - Detecting FIN7 attacks
  - Detecting IcedID attacks
  - Detecting indicators of Remcos RAT malware
  - Detecting Log4j remote code execution
  - Detecting malicious activities with Sigma rules
  - Detecting malicious file obfuscation using certutil.exe
  - Detecting masquerading
  - Detecting Netsh attacks
  - Detecting network and port scanning
  - Detecting Office 365 attacks
  - Detecting print spooler attacks
  - Detecting ransomware activities within AWS environments
  - Detecting recurring malware on a host
  - Detecting REvil ransomware infections
  - Detecting software supply chain attacks
  - Detecting Supernova web shell malware
  - Detecting the disabling of security tools
  - Detecting the use of randomization in cyberattacks
  - Detecting TOR traffic
  - Detecting Trickbot attacks
  - Detecting usage of popular Linux post-exploitation tools
  - Detecting WhisperGate malware
  - Detecting Windows file extension abuse
  - Detecting XMRig CPU or GPU mining
  - Detecting Zerologon attacks
  - Finding interactive logins from service accounts
  - Finding large web uploads
  - Investigating Gsuite phishing attacks
  - Monitoring AWS S3 for suspicious activities
  - Monitoring a network for DNS exfiltration
  - Monitoring command line interface actions
  - Monitoring DNS queries
  - Monitoring for signs of a Windows privilege escalation attack
  - Monitoring full DNS transaction data
  - Monitoring user activity spikes in AWS
  - Monitoring Windows account access
  - Prescriptive Adoption Motion - Threat hunting
  - Protecting a Salesforce cloud deployment
  - Visualizing processes and their parent/child relationships