Security Administrator – Tools & Resources

CYLANCE

CROWDSTRIKE

SECUREWORKS

The Client portal is the ticketing system provided by SecureWorks. It is where all tickets / incidents land and where account administration is performed. There is a learning centre available for you to explore that may prove useful. I went through the Red Cloak stuff and that was quite good. They have added more features, so there could be stuff available that we are not using at the minute that may help us.

This is the portal for the EDR software mentioned earlier. Detections from endpoints are all surfaced here and, depending on alert severity / incident, are surfaced within the Client portal. Red Cloak generates around 95% of our alert tickets within the Client portal and really offers us the biggest benefit. Telemetry from all machines is kept within this portal for around 6 months and is vital to the investigation of many of our incidents. Don't be alarmed by all the noise; there will always be a lot of low-level detections. But it does need a little tidy-up, and that is one of the tasks that I would like you to perform while I am away. I will detail a little more tomorrow.

Analyze suspicious files and URLs to detect types of malware, and automatically share them with the security community.

Joe Sandbox detects and analyzes potentially malicious files and URLs on Windows, Android, Mac OS, Linux, and iOS for suspicious activities. It performs deep malware analysis and generates comprehensive and detailed analysis reports.
