This tool is used as our current Anti-malware solution.
What is Windows Defender?
This case type accounts for 99% of the total cases created in our instance of nLighten.
What is "ES Alerts"?
This is our primary ISP.
What is Mobily?
This is what the term "TIP" stands for.
What is Threat Intelligence Platform?
This is the index that Windows based logs are stored in.
What is WinLogBeats?
This tool analyzes the contents of users' computer screens and gives them real-time access to information without affecting their existing workflow.
What is Polarity?
These are the status options for a case in Cybraics.
What is Open, Pending, In-progress, and Closed?
This is the cloud service provider (CSP) we are utilizing for SaaS.
What is Azure?
This is the number of threat feeds that are sending threat intelligence to our TIP.
What is 55?
This component of our SIEM allows you to look at data in a graphical manner.
What is visualize?
These 3 tools are used together to form the ELK stack, the basis for the underlying software used by our SIEM.
What is Elastic, Logstash, and Kibana?
This tab in nLighten shows us "things" (IP, hostname, username, etc.) that have been observed performing suspicious actions.
What is Entities?
This is the cloud service provider (CSP) we are using for our DNS currently.
What is AWS?
These are the current severity options when creating a case in ThreatConnect.
What is Critical, High, Medium, and Low?
This is one of the log types that are currently unparsed in Cybraics.
What is (are) Aruba switch logs, ESXi host logs, Wireless AP logs, SIP (internet phone) logs, and Palo Alto non-firewall logs?
Recently we gained access to urlscan.io. This is the name of the web tool that was its predecessor.
What is urlquery?
This is the default timeframe for the case view in nLighten.
What is one month?
This is the service that is tied to the following subnets:
144.24.0.0/16
150.230.0.0/16
193.122.0.0/16
What is Oracle Cloud Infrastructure (OCI)?
This tab allows you to build and automate tasks in ThreatConnect and with integrated tools.
What is Playbooks?
This is the bottom-right-most dashboard on the front monitors.
What is the "OneDrive Events over Time" dashboard?
This is a free tool used by AGOC to forward syslog to our DCA.
What is Kiwi Syslog Server?
Several of these aggregated together form a trace.
What is a signal?
This is the subnet the SOC desktops are in.
What is 172.16.21.65/26?
The creation of this type of account will allow a user to login and access multiple customers.
What is a superuser?
Rules that fire from the Rules Engine space create alerts that are sent to this index.
What is nl-traces or traces?