bwfor.blogg.se

Block hunt server pc






How to Hunt for Threat Activity with Falcon Host Endpoint Protection

The Falcon user interface has lots of tools to help you hunt for threat activities in your organization. Today, I’m going to help you walk through and give a few examples of some of these. There are three types of dashboards: the executive summary, which is a high-level overview of everything that’s going on in your organization; the detection activity, which shows different ways to organize the detections in your organization; and, finally, the detection resolution, which covers the cases that have been opened and closed, organized in different reports. Today, we’re going to focus on the detection activity dashboard.

The detection activity dashboard lays out detections in a multitude of ways. Initially, at the top, we have just detections, so the more recent detections are listed from top to bottom. Then, towards the middle of the page, we have detection count by scenario, device count by scenario, and then detection count by severity and device count by severity. And then we also have this geographical breakdown here as well. Below this section, you’ll see the detections are divided into hosts, users, files, and then detection by scenario, severity, and then host, and hash at the very bottom.







