The latest release of StealthDEFEND 1.1 brings us a new highly anticipated feature, Investigations. This brings a new custom experience to the threats and alerts you see in the product by allowing you to define your own threats by specifying the: who, what, where, and when.
By navigating to the “Investigate” page in the menu, you are presented with the file activity events for the current day along with the top hosts, top users, and event details. I really like utilizing this page to have a quick glance at my file activity for the day. Additionally, this allows me to click on a user or a host to get more details about the events associated with either.
The real value here is creating investigations and alerts of your own. Suppose you want to monitor a specific employee during their last couple weeks on the job or maybe you want to monitor a specific sensitive set of shares in your file system and receive alerts when certain file actions occur. This can all be done with the extensive filters while creating a new investigation. Plus, if you already currently leverage STEALTHbits Sensitive Data Add-On for StealthAUDIT, you can bring in sensitive data context to your StealthDEFEND console. The ability to do this makes the product a complete purpose-built machine learning solution around Data Access Governance.
After saving a new investigation if will appear in your saved investigation library. You can also save it as an alert, which allows you to receive e-mail alerts any time that filtered activity is triggered or even send the alert to your SIEM device if you have one. A lot of my current customers love leveraging the SIEM integration to receive the general out of the box threats like High Risk Permission Changes and Abnormal Activity.
The product team is adding in actions in the next release of StealthDEFEND which will allow users to take action on the threats. These actions include automatically locking down a user, moving a user to a different location, reversing high-risk permission changes, and more. Stay tuned for more information about the next release!
Head over to our website to learn more about StealthDEFEND 1.1 and how your organization can stay on top of abnormal file activity behavior.
Don’t miss a post! Subscribe to The Insider Threat Security Blog here:
Dan is a Presales Engineer at Stealthbits – Now part of Netwrix. Prior to moving over to Presales, Dan worked as a Technical Product Manager.
Related Posts
- PROTIP – How to Purge Data in StealthAUDIT
- PROTIP – Fulfill a DSAR with StealthAUDIT 11.0
- Best Practices – Setting up StealthAUDIT SQL Server Database
- ProTip: How to Setup User Activity & Server Logon Scan in StealthAUDIT for Oracle
- Pro Tip – StealthINTERCEPT DB Maintenance Best Practices
- PROTIP: Policy Registration & Managing StealthINTERCEPT via PowerShell and Editing StealthDEFEND Investigations & Categorizing Playbooks
- PROTIP: How to Update the “Have I Been Pwned” (HIBP) Breach Dictionary in StealthINTERCEPT Enterprise Password Enforcer and StealthAUDIT
- Protip: How to Setup User Activity & Database Logon Scans in StealthAUDIT for Oracle
- ProTip – The Power of Character Substitution Checks in StealthINTERCEPT Enterprise Password Enforcer
- Protip: How to Setup User Activity & Server Logon Scan in StealthAUDIT for SQL
Leave a Reply