compliances, data-center-soc-noc, itil, policies, security

LogRhythm Architecture and Design 7.x Notes

December 5, 2018

Dashboard

Searching

Review of alarms

Qualify – investigate to establish the root cause

Then mitigate

HTML5-coded web console

Risk-based alarms

Case workflow

Real-time data

Double-click to drill down

Underlying log data

Log Viewer to Analyst Grid – direct access between the two

Low footprint on the browser (client)

Activities represented

Pivot-style sorting of data / datasets

Widgets to customize dashboard

Edit widgets, more advanced filters

Threat activity map

Drill-down creates a new task off the existing one, freeing up the original task's resources

Flow data – Network Monitor

Deep packet analytics (e.g. a protocol-mismatch rule: the application protocol seen in the payload is not the one expected on that port)

Packet captures – session-based
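The protocol-mismatch rule above, written out as an added example (this is not Network Monitor's own deep-packet-analytics engine). It classifies a session from the first bytes the client sends and compares that with what the destination port should carry; the port-to-protocol table, the byte signatures and the sample sessions are all assumptions constructed for the example.

```python
"""Toy deep-packet-analytics (DPA) rule for protocol mismatch.

Added example, not LogRhythm Network Monitor's engine. It checks whether the
leading bytes of a session payload look like the application protocol expected
on the destination port. The port table, signatures and sample sessions are
constructed for the example.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumption: the application protocol we expect on each well-known port.
EXPECTED_BY_PORT = {22: "ssh", 80: "http", 443: "tls"}

HTTP_START = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"HTTP/")


@dataclass
class Session:
    src: str
    dst: str
    dport: int
    payload: bytes  # first bytes sent by the client


def classify_payload(payload: bytes) -> str:
    """Identify the application protocol from the leading bytes of a session."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    if payload.startswith(HTTP_START):
        return "http"
    # TLS record header: content type 0x16 (handshake), version 0x03 0x00..0x04
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x04:
        return "tls"
    return "unknown"


def protocol_mismatch(session: Session) -> Optional[Tuple[str, str]]:
    """Return (expected, observed) when the observed protocol contradicts the
    port's expected one, else None. Unknown payloads are not flagged: having
    no signature match is not evidence of a mismatch."""
    expected = EXPECTED_BY_PORT.get(session.dport)
    if expected is None:
        return None
    observed = classify_payload(session.payload)
    if observed == "unknown" or observed == expected:
        return None
    return (expected, observed)


def evaluate(sessions):
    """Run the rule over a batch of sessions and return one alert dict per hit."""
    alerts = []
    for s in sessions:
        result = protocol_mismatch(s)
        if result:
            expected, observed = result
            alerts.append({"src": s.src, "dst": s.dst, "dport": s.dport,
                           "expected": expected, "observed": observed})
    return alerts


# Constructed sample sessions: a clean TLS ClientHello on 443, an HTTP request
# on 80, and an SSH banner sent to 443 (SSH tunnelled over the HTTPS port).
SAMPLE_SESSIONS = [
    Session("10.0.0.5", "203.0.113.10", 443, bytes([0x16, 0x03, 0x01, 0x00, 0xC8, 0x01])),
    Session("10.0.0.5", "203.0.113.20", 80, b"GET /index.html HTTP/1.1\r\n"),
    Session("10.0.0.9", "198.51.100.7", 443, b"SSH-2.0-OpenSSH_8.9\r\n"),
]

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_SESSIONS):
        print(alert)
```

Only the third session fires, because the rule needs a positive identification of a different protocol; traffic it cannot classify is left alone rather than alarmed on, which keeps the rule from firing on every custom or encrypted protocol that happens to use a well-known port.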

Case management

Tagging for cases (searchable, and filterable in dashboards)

Create new tags

Log contains

Search contextualized content, e.g. for:

Finance

SSN

Search contains: filter on classified actions (classification covers around 750 device, application and system types)

Pre-created processing rules

Structured and unstructured searches
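A contextual search of the kind described above (Finance entity, SSN content), as an added example that is not LogRhythm's search engine: a structured filter on the host's entity is applied first, then an unstructured content match over the message. The log format, the Finance host list and the sample lines are constructed for the example.

```python
"""Contextual log search for SSNs: structured filter on the host's entity
combined with an unstructured content match.

Added example, not LogRhythm's search engine. The log format, the Finance
entity host list and the sample lines are constructed.
"""
import re
from typing import Dict, List

# Unstructured part: an SSN-shaped token that is not part of a longer digit
# run, so a longer identifier such as 2018-12-0512 does not match.
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")

# Structured part (assumption): hosts that belong to the Finance entity.
FINANCE_ENTITY = {"fin-app01", "fin-db01"}


def is_plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Reject numbers the SSA never issues: area 000, 666 or 900-999,
    group 00, serial 0000. Cuts the obvious false positives."""
    a, g, s = int(area), int(group), int(serial)
    if a == 0 or a == 666 or a >= 900:
        return False
    return g != 0 and s != 0


def find_ssns(text: str) -> List[str]:
    """Return plausible SSNs found in text, masked to the last four digits so
    the full number is never copied into an alarm or case."""
    return ["***-**-" + m.group(3) for m in SSN_RE.finditer(text)
            if is_plausible_ssn(*m.groups())]


def parse_line(line: str) -> Dict[str, str]:
    """Constructed format: '<timestamp> <host> <app>: <message>'."""
    ts, host, rest = line.split(" ", 2)
    app, msg = rest.split(": ", 1)
    return {"ts": ts, "host": host, "app": app, "msg": msg}


def contextual_search(lines, entity_hosts=FINANCE_ENTITY):
    """Hits are lines from entity hosts whose message carries a plausible SSN;
    each hit is tagged so it can be filtered in a dashboard or attached to a case."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec["host"] not in entity_hosts:      # structured filter first
            continue
        found = find_ssns(rec["msg"])            # then unstructured content match
        if found:
            hits.append({**rec, "matches": found, "tags": ["Finance", "SSN"]})
    return hits


# Constructed sample log lines.
SAMPLE_LOGS = [
    "2018-12-05T09:01:00Z fin-app01 payroll: exported record for 123-45-6789 to hr-share",
    "2018-12-05T09:02:00Z fin-db01 backup: job 000-12-3456 completed",
    "2018-12-05T09:03:00Z web01 app: user entered 234-56-7890 in search field",
    "2018-12-05T09:04:00Z fin-app01 sshd: Accepted publickey for alice from 10.0.0.4",
]

if __name__ == "__main__":
    for hit in contextual_search(SAMPLE_LOGS):
        print(hit["host"], hit["app"], hit["matches"], hit["tags"])
```

Only the payroll line is a hit: the backup job id has an impossible area number, the web01 line is outside the Finance entity, and the sshd line carries no SSN. Doing the cheap structured filter before the regex is also what keeps a search like this fast over large log volumes.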

Endpoint monitoring

  • File integrity monitoring
  • Watchlist users
  • Account takeovers
    • Precision searches
    • Alarms page (tab)
    • Fired alarms, and risk-based fired alarms
    • Entity – logical segmentation of the network
    • Other filtering and sorting, by risk and by date
  • SmartResponse actions based on activity (one action can trigger multiple responses)
    • Disable accounts or quarantine devices
    • Corroborated alarms (supporting activity, e.g. three or more behavioral anomalies from the same user)
    • Associate logs and alarms with cases
  • Drill down into the datasets associated with the activities
    • Watchlist or searches (criteria, source with host)
    • Single host or distributed hosts for performance
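The corroborated, risk-based alarm and the SmartResponse-style follow-up from the list above, as an added example (not the LogRhythm AI Engine): an alarm fires only when three or more distinct behavioral anomalies are seen for one user inside a look-back window, the supporting event ids are collected for the case, and the response is chosen from the combined risk. The anomaly kinds, risk scores, window, thresholds and sample events are constructed for the example.

```python
"""Corroborated, risk-based alarm: fire only when three or more distinct
behavioral anomalies are seen for the same user inside a window, then pick
a SmartResponse-style action from the combined risk.

Added example, not the LogRhythm AI Engine. Anomaly kinds, risk scores,
thresholds and the sample events are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List

WINDOW = timedelta(hours=24)      # assumption: look-back window per user
MIN_DISTINCT_ANOMALIES = 3        # "three or more behavioral anomalies"
DISABLE_ACCOUNT_AT = 80           # assumption: risk at which the account is disabled


@dataclass
class Anomaly:
    event_id: str
    ts: datetime
    user: str
    kind: str
    risk: int


@dataclass
class Alarm:
    user: str
    risk: int
    kinds: List[str]
    evidence: List[str]           # event ids to attach to the case
    response: str


def corroborate(events: List[Anomaly], window=WINDOW,
                min_kinds=MIN_DISTINCT_ANOMALIES) -> List[Alarm]:
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev.user].append(ev)

    alarms = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e.ts)
        # Slide the window so that each event in turn is its latest point.
        for last in evs:
            in_window = [e for e in evs if last.ts - window <= e.ts <= last.ts]
            kinds = sorted({e.kind for e in in_window})
            if len(kinds) < min_kinds:
                continue          # repeats of one anomaly do not corroborate each other
            risk = min(100, sum(e.risk for e in in_window))
            response = "disable_account" if risk >= DISABLE_ACCOUNT_AT else "open_case"
            alarms.append(Alarm(user, risk, kinds, [e.event_id for e in in_window], response))
            break                 # one alarm per user per evaluation
    return alarms


def parse_events(rows) -> List[Anomaly]:
    return [Anomaly(i, datetime.fromisoformat(ts), u, k, r) for i, ts, u, k, r in rows]


# Constructed sample anomalies: (event_id, timestamp, user, anomaly_kind, risk)
SAMPLE_ROWS = [
    ("e1", "2018-12-04T08:02:00", "alice", "new_geo_login", 40),
    ("e2", "2018-12-04T08:10:00", "alice", "mfa_push_flood", 30),
    ("e3", "2018-12-04T09:30:00", "alice", "mass_file_download", 50),
    ("e4", "2018-12-04T10:00:00", "bob", "new_geo_login", 40),      # one anomaly
    ("e5", "2018-12-04T10:05:00", "bob", "new_geo_login", 40),      # repeated
    ("e6", "2018-12-04T10:10:00", "bob", "new_geo_login", 40),      # three times
    ("e7", "2018-12-01T09:00:00", "carol", "new_geo_login", 40),    # three kinds,
    ("e8", "2018-12-03T09:00:00", "carol", "mfa_push_flood", 30),   # but spread
    ("e9", "2018-12-05T09:00:00", "carol", "privilege_change", 60), # over four days
]

if __name__ == "__main__":
    for alarm in corroborate(parse_events(SAMPLE_ROWS)):
        print(alarm)
```

Only alice produces an alarm: bob's three events are the same anomaly repeated, and carol's three distinct anomalies never fall inside one 24-hour window. The evidence list is what gets attached to the case, and the response threshold is where an analyst would tune how aggressive the automatic action is.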

AI Engine

Desktop console

System Monitor agent (Windows, Unix; can also collect remotely, with no agent installed on the monitored host) – local and remote log collection

Also collects non-log data: server performance metrics and file integrity