SecureSphere

SecureSphere is a security solution covering essential cybersecurity use cases. Implementing the following security use cases ensures thorough coverage of potential security scenarios and enhances your overall cybersecurity posture. Any suspicious detection for one of these use cases in the customer environment is notified with a real-time alert through email and a subsequent ticket for its lifecycle and management.

SIEM – Use Cases

  • Brute Force Detection: Brute force is a common attack that attackers use to gain unauthorized access to endpoints and services such as RDP on Windows endpoints and SSH on Linux machines. Using our EDR solution, we can not only detect it but also receive real-time alerts, and we can take immediate action to mitigate the threat.
  • Malware Detection: EDR covers OS, networks, and cloud services, detecting malware and providing real-time insights via a centralized dashboard.
  • File Integrity Monitoring (FIM): EDR continuously monitors the integrity of files and directories to detect and alert when there are file addition, modification, or deletion events and when execute file permission is given to any file. Its dashboard section shows an overview of the events triggered by the FIM module for all and for monitored endpoints.
  • Plug n Play (PnP) Activities: USB devices can introduce malware. EDR monitors activity, prevents breaches, protects data, and filters authorized USBs with real-time alerts.
  • Vulnerabilities Detection: Vulnerabilities are security flaws in computer systems which EDR detects in applications and operating systems running on endpoints. User can visualize the detected vulnerabilities based on the severity (critical, high, medium & low) on the dashboard.
  • Container Security: EDR integrates with container platforms like Docker and Kubernetes and actively monitors container runtime events, application logs, and overall container health and centralizes container event logging and visualization.
  • Workload Protection: EDR monitors and protects workloads in cloud environments as well as on-premises workloads. You can integrate with cloud platforms like AWS, Microsoft Azure, GCP, Microsoft 365, and GitHub to monitor services, virtual machines, and the activities occurring on these platforms.
  • Threat Hunting: EDR detects threats by aligning its rules with the MITRE ATT&CK framework, enabling efficient identification of attacker methods. It can also be integrated with third-party threat intelligence platforms.
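As an added illustration of the Brute Force Detection use case above (this is example code written for this page, not SecureSphere's own detection logic), the following Python script applies the usual threshold rule to SSH authentication logs: it parses failed-password events per source IP and raises an alert when a single IP produces more than a set number of failures inside a sliding time window. The log lines are constructed samples in standard sshd syslog format, and the threshold (5 failures) and window (60 seconds) are assumed tuning values that a real deployment would adjust.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd log lines (syslog format); not taken from any real host.
SAMPLE_LOG = """\
Mar 10 12:00:01 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 12:00:03 host1 sshd[2203]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar 10 12:00:04 host1 sshd[2205]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 10 12:00:06 host1 sshd[2207]: Failed password for invalid user test from 203.0.113.7 port 51025 ssh2
Mar 10 12:00:07 host1 sshd[2209]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 10 12:00:09 host1 sshd[2211]: Accepted password for alice from 198.51.100.20 port 40001 ssh2
Mar 10 12:05:00 host1 sshd[2213]: Failed password for bob from 198.51.100.20 port 40002 ssh2
Mar 10 12:20:00 host1 sshd[2215]: Failed password for bob from 198.51.100.20 port 40003 ssh2
"""

# Matches the sshd "Failed password" line, with or without the "invalid user" prefix.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse_failed_logins(text, year=2024):
    """Return (timestamp, source_ip, username) for every failed SSH login in the log text.

    Syslog timestamps carry no year, so the caller supplies one (assumed 2024 here).
    """
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"]))
    return events


def detect_brute_force(events, threshold=5, window_seconds=60):
    """Alert once per source IP when `threshold` failures fall inside a sliding window.

    threshold and window_seconds are assumed tuning values for this example.
    """
    alerts = []
    windows = defaultdict(deque)  # per-IP queue of (timestamp, user) inside the window
    alerted = set()
    for ts, ip, user in sorted(events):
        q = windows[ip]
        q.append((ts, user))
        # Drop failures that are older than the window relative to the newest one.
        while q and (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append({
                "source_ip": ip,
                "failures": len(q),
                "first_seen": q[0][0],
                "last_seen": ts,
                "users": sorted({u for _, u in q}),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(parse_failed_logins(SAMPLE_LOG)):
        print(f"ALERT brute force from {alert['source_ip']}: "
              f"{alert['failures']} failures between {alert['first_seen']:%H:%M:%S} "
              f"and {alert['last_seen']:%H:%M:%S}, users tried: {', '.join(alert['users'])}")
```

Run as-is, the script alerts on 203.0.113.7 (five failures in six seconds, cycling through three usernames) and stays silent on 198.51.100.20, whose two failures are fifteen minutes apart and look like an ordinary typo. Alerting once per IP keeps the ticket queue from filling with one ticket per failed attempt, which is the same lifecycle concern the page raises for alert-to-ticket handling.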

Related Services

EmailWatchdog

Email Watchdog is a robust security solution designed to actively monitor and secure email communications.

FireShield

A firewall is our first line of defense when it comes to Network Security, all

LogPulse

Unleash the power of proactive log management with LogPulse, our cutting-edge log source monitoring service.
