As a threat hunter, your main mission is to understand the behavior of your endpoints and to capture abnormal behavior with rapid mitigation actions. You need the ability to, with a single click, search your fleet for indicators such as those mapped by the MITRE ATT&CK framework. You also need the ability to automate threat hunts for known attacks according to your own criteria. With SonicWall Capture Client’s new Storylines capability, you can do all this and more, faster than ever before. Let’s take a look.

What is a Storyline?

Capture Client’s Deep Visibility offers rapid threat hunting capabilities thanks to SentinelOne’s patented Storylines technology. Each autonomous agent builds a model of its endpoint infrastructure and real-time running behavior. The Storyline ID is an ID given to a group of related events in this model. When you find an abnormal event that seems relevant, use the Storyline ID to quickly find all related processes, files, threads, events and other data with a single query.

With Storylines, Deep Visibility returns full, contextualized data - including context, relationships and activities - allowing you to swiftly understand the root cause behind a threat with one search.

Forget about using query time to grab a cup of coffee: Deep Visibility returns results lightning fast. SonicWall Capture Client also has the intelligence to tell you which computer is online, what OS it uses, etc. And thanks to its Streaming mode, you can preview the results of subqueries before the complete query is done.

Deep Visibility query results show detailed information from all your endpoints, displaying attributes like path, Process ID, True Context ID and much more. I also found the rollback feature and SentinelOne integration valuable in SonicWall Capture Client. With Deep Visibility, you can consume the data earlier, filter the data more easily, pivot for new drill-down queries, and understand the overall story much more quickly than with other EDR products.

Quicker Query of MITRE Behavioral Indicators

Deep Visibility makes hunting for MITRE ATT&CK TTPs fast and painless. It’s as easy as entering the MITRE ID. For example, you could search your entire fleet for any process or event with behavioral characteristics of process injection with one simple query:

With Deep Visibility, a single query will return results from all your endpoints regardless of whether they are running Windows, Linux or macOS. There’s no need to form separate queries for different platforms.
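As an added illustration (not code from SonicWall or SentinelOne, and not Deep Visibility’s actual query syntax or data format), the following Python models the Storyline idea described above: constructed telemetry records carry a Storyline ID and the ATT&CK technique IDs the agent attributed to them, one function hunts a technique and its sub-techniques across Windows, Linux and macOS endpoints in a single pass, and a pivot on the Storyline ID returns the full related context. The field names, endpoint names and event strings are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    endpoint: str
    os: str
    storyline_id: str   # agent-assigned ID grouping related activity (assumed name)
    kind: str           # "process", "file", "thread", "network"
    detail: str
    mitre: tuple = ()   # ATT&CK technique IDs the agent attributed to this event

# Constructed sample telemetry for the example; not real SentinelOne data.
EVENTS = [
    Event("win-01", "Windows", "SL-100", "process", "explorer.exe -> winword.exe"),
    Event("win-01", "Windows", "SL-100", "process", "winword.exe -> powershell.exe", ("T1059.001",)),
    Event("win-01", "Windows", "SL-100", "thread", "powershell.exe created remote thread in lsass.exe", ("T1055",)),
    Event("win-01", "Windows", "SL-100", "file", "wrote C:\\Users\\Public\\upd.dll"),
    Event("win-01", "Windows", "SL-101", "process", "svchost.exe -> conhost.exe"),
    Event("lin-07", "Linux", "SL-200", "process", "bash -> python3"),
    Event("lin-07", "Linux", "SL-200", "process", "python3 ptrace(PTRACE_ATTACH) on sshd", ("T1055.008",)),
    Event("mac-03", "macOS", "SL-300", "file", "launchd read ~/Library/LaunchAgents/x.plist", ("T1543.001",)),
]

def hunt_technique(events, technique_id):
    """One cross-platform query: events attributed to a technique or any of its sub-techniques."""
    return [e for e in events
            if any(t == technique_id or t.startswith(technique_id + ".") for t in e.mitre)]

def storyline(events, storyline_id):
    """Pivot: every event the agent grouped under one Storyline ID, in recorded order."""
    return [e for e in events if e.storyline_id == storyline_id]

def hunt_and_pivot(events, technique_id):
    """Map each hit's Storyline ID to its full related context, so one search yields the root-cause chain."""
    return {e.storyline_id: storyline(events, e.storyline_id)
            for e in hunt_technique(events, technique_id)}

if __name__ == "__main__":
    for sl_id, chain in hunt_and_pivot(EVENTS, "T1055").items():
        print(sl_id)
        for e in chain:
            print(f"  [{e.os}/{e.endpoint}] {e.kind}: {e.detail}")
```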