
...

You can select one or more events from the table to send them to DeepTrace, or right-click an event to send it directly.

...

Note

The DeepTrace icon remains in the toolbar if you log out or change domain, otherwise, it is removed.

Info

Why can't I see that option?

This option is only available when there is no grouping and at least one event is selected in the table.

Once the alert definition is created, you can see the status of the alert by clicking the Alerts or DeepTrace tab in the navigation pane:

  • DeepTrace tab: Click DeepTrace in the navigation pane. A new browser window opens showing you the DeepTrace user interface.

...

  • Alerts tab: Click Alerts in the navigation pane. Check the Trace status column to see the status of your alert. You can also click the DeepTrace icon that appears in the Action column to open DeepTrace.

...

The navigation panel contains the following set of links to pages of the DeepTrace user interface:

  • Dashboard: Provides a general overview of traces, devices, triggers, and leads.

  • Traces: Displays the traces that depict suspicious activities or attacks in a searchable table.

  • Devices: Shows a list of the devices implicated in the traces with the highest risk scores.

  • Search: Enables users to run ad-hoc searches for processes exhibiting suspicious behavior and to trigger investigations from the results.

  • Hunt: Enables users to browse the results of hunts that map to MITRE ATT&CK framework tactics and techniques, and to configure new hunts. Once refined and validated, these hunts can be converted into new cadence-based threat detections.

  • Triggers: Shows the triggers that started autonomous investigations.

  • Monitor: Enables users to view performance data, statistics, health data, and the list of monitored devices.

  • Administration: Enables users to manage DeepTrace configuration settings, such as whitelists and data adapters.

  • Log out: Logs the current user out.

...

  • To filter the evidence by metadata, use the metadata dropdowns above the time series chart.


Each piece of evidence is associated with metadata (device, domain, process, username, tactic, technique, etc.). Use the metadata dropdowns to filter for evidence based on its metadata. Your metadata selections are applied simultaneously to the time series chart and the evidence list.

...