We don't expect most customers to use the Advanced tab; the Alarms view is usually enough. However, we don't hide the capabilities of the tools we use, and we show customers what we do for them in our Security Operations Center.
The ‘advanced’ tab lets you do detailed forensic analysis of past events, or be warned when a given event occurs in the future.
You can save a filter as a tripwire: the next time an event matches it, you receive an SMS or email.
You can also review and filter alerts in a ‘list’ view or a ‘grouped’ view.
If you click on an event you get details such as:
- Country of Origin
- IP address / MAC / Hostname / Port of Origin
- Internal asset
- First time we saw the event
- How many times the event has occurred
- Any references we have so you can get more detail on the issue in general
- Header information from the packet
- PCAP to download into Wireshark
- Rule that was tripped
- Hexdump of packet
- Related events on the same asset within the past hour, day or week. This helps you judge whether something is spreading, or whether the attacker is moving on to additional techniques against that asset.
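As an added illustration, not the product's own code, the following Python shows on constructed sample events how the three mechanisms above fit together: a saved filter used as a tripwire, the grouped view, and the lookup of related events on the same asset within the hour, day or week. The event field names, rule names and sample timestamps are assumptions made for the example.

```python
"""
Added example: saved-filter tripwire, grouped view, and same-asset
related-event lookup over a handful of constructed alert records.
Not the vendor's implementation; field names are illustrative.
"""
from datetime import datetime, timedelta

# Constructed sample events (assumption: the tool stores something similar).
EVENTS = [
    {"ts": datetime(2024, 5, 1, 9, 0),  "asset": "web-01", "src_ip": "203.0.113.7",
     "country": "NL", "rule": "ET SCAN Nmap", "count": 14},
    {"ts": datetime(2024, 5, 1, 9, 20), "asset": "web-01", "src_ip": "203.0.113.7",
     "country": "NL", "rule": "ET WEB_SERVER SQLi attempt", "count": 3},
    {"ts": datetime(2024, 5, 1, 11, 5), "asset": "db-01",  "src_ip": "10.0.0.5",
     "country": "--", "rule": "ET POLICY Outbound SMB", "count": 1},
    {"ts": datetime(2024, 5, 2, 8, 30), "asset": "web-01", "src_ip": "198.51.100.9",
     "country": "RU", "rule": "ET SCAN Nmap", "count": 6},
    {"ts": datetime(2024, 5, 6, 8, 0),  "asset": "web-01", "src_ip": "203.0.113.7",
     "country": "NL", "rule": "ET WEB_SERVER Webshell upload", "count": 1},
]

WINDOWS = {"hour": timedelta(hours=1), "day": timedelta(days=1), "week": timedelta(weeks=1)}


def matches(event, saved_filter):
    """A saved filter is a dict of field -> required value; every field must match."""
    return all(event.get(field) == value for field, value in saved_filter.items())


def tripwire(events, saved_filter, notify):
    """Apply a saved filter to incoming events and call notify() for each hit.

    notify stands in for the SMS/email hook. Returns the events that fired
    so the caller can inspect them.
    """
    fired = []
    for ev in events:
        if matches(ev, saved_filter):
            notify(f"[tripwire] {ev['rule']} from {ev['src_ip']} "
                   f"on {ev['asset']} at {ev['ts']:%Y-%m-%d %H:%M}")
            fired.append(ev)
    return fired


def grouped_view(events, key="rule"):
    """The 'grouped' view: number of events per distinct value of `key`."""
    groups = {}
    for ev in events:
        groups[ev[key]] = groups.get(ev[key], 0) + 1
    return groups


def related_events(events, event, window="day"):
    """Other events on the same asset within `window` (hour/day/week) of `event`,
    before or after it. Useful for spotting spread or follow-on techniques."""
    span = WINDOWS[window]
    return [
        ev for ev in events
        if ev is not event
        and ev["asset"] == event["asset"]
        and abs(ev["ts"] - event["ts"]) <= span
    ]


if __name__ == "__main__":
    # Tripwire on a specific source address (assumed saved filter).
    tripwire(EVENTS, {"src_ip": "203.0.113.7"}, print)
    print("grouped by rule:", grouped_view(EVENTS))
    sqli = EVENTS[1]
    for w in ("hour", "day", "week"):
        print(f"related to SQLi on {sqli['asset']} within {w}:",
              [e["rule"] for e in related_events(EVENTS, sqli, w)])
```

The `related_events` windows widen from hour to day to week; in the sample data the SQLi attempt on web-01 has one neighbour within the hour (the preceding Nmap scan from the same address), a second within the day (a scan from a different address) and a third within the week (a webshell upload from the original address), which is exactly the "is this spreading or escalating" question the related-events view answers.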