Attacks
This area displays security events detected by the installed sensors. Security events can turn out to be real attacks.
When you select a security event from the list of detected security events ④, additional details about it ① are shown. In the progress status ⑤, the progress of processing a security event can be logged manually.
The procedure for installing new sensors is described in Installation of attack sensors.
| Number | Description |
|---|---|
| ① | Detail area with information about a selected security event |
| ② | Button to select the sort order |
| ③ | Button to select all listed security events |
| ④ | List of detected security events |
| ⑤ | Progress status of a selected security event |
Security event
For each security event, information is displayed to facilitate easier navigation through the list of security events.
Selecting a security event displays detailed information and the current progress status. Changes to the status are applied immediately. If several assets are selected together, the same status information can be entered for them together.
| Number | Description |
|---|---|
| ① | Title of the security event type |
| ② | ID of the sensor that detected the security event |
| ③ | Button for selecting the security event |
| ④ | Progress status of the security event |
| ⑤ | Source of description |
| ⑥ | Age of the security event |
Security event details
The information in this area will help you assess the time, type, and severity of a security event. All information can be downloaded as .JSON file ①. Link ④ leads directly to the MITRE ATT@CK database.
| Number | Description |
|---|---|
| ① | Button to download a .JSON file with additional information about the security event |
| ② | Detailed information about the occurrence of the security event |
| ③ | Detailed information about the signature of the security event |
| ④ | Detailed information about the classification of the security event |
Progress status
Here you can log how far the processing of a security event has progressed. When you click on a status (①, ②, ③), the respective status is entered. Further explanations can be entered in the input field ④. Changes to status or text are saved immediately.
| Number | Description |
|---|---|
| ① | 'Open' status (pre-selected for new security events) |
| ② | 'In progress' status |
| ③ | 'Closed' status |
| ④ | Input field for an optional comment |