Capture-client-3-7-rapid-threat-hunting-with-deep-visibility-and-storylines
As a threat hunter, your main mission is to understand the behavior of your endpoints and to capture abnormal behavior with rapid mitigation actions. You need the ability to, with a single click, search your fleet for indicators such as those mapped by the MITRE ATT&CK framework. You also need the ability to automate threat hunts for known attacks according to your own criteria.
With SonicWall Capture Client’s new Storylines capability, you can do all this and more, faster than ever before. Let’s take a look.
What is a Storyline?
Capture Client’s Deep Visibility offers rapid threat hunting capabilities thanks to SentinelOne’s patented Storylines technology. Each autonomous agent builds a model of its endpoint infrastructure and real-time running behavior.
The Storyline ID is an ID given to a group of related events in this model. When you find an abnormal event that seems relevant, use the Storyline ID to quickly find all related processes, files, threads, events and other data with a single query.
With Storylines, Deep Visibility returns full, contextualized data — including context, relationships and activities — allowing you to swiftly understand the root cause behind a threat with one search.
The Storylines are continuously updated in real time as new telemetry data is ingested, providing a full picture of activity on an endpoint over time. This allows greater visibility, enables easy threat hunting and saves time.
Para el ver artículo original:https://blog.sonicwall.com/en-us/2022/02/capture-client-3-7-rapid-threat-hunting-with-deep-visibility-and-storylines/
Últimos Artículos
