Provide SOC teams with automated collection and analysis of Illusive incidents and the option to extend Illusive data and forensics analysis to other potentially malicious activities discovered on your network.
- Automatically collect data and forensics from new incidents detected by Illusive
- Enrich SOC data by retrieving a rich set of incident and forensics information, including: 1) host details and forensics from a potentially compromised host, 2) a forensics timeline, 3) forensics analysis, 4) additional data
- Auto-analyze collected data and calculate incident severity to speed up SOC response times
- Collect forensics from any compromised host and retrieve a forensics timeline
####Deceptions and Attack Surface Manager
Manage the Illusive’s deceptive entities and deception policies to control the way Illusive deploys deceptions across the network, and gain insight into your network’s topography.
- Retrieve detailed lists of approved and suggested deceptive servers and users
- Approve, delete, and query deceptive entities
- Manage deception policy assignments per host
- Retrieve attack surface insights for Crown Jewels and specific hosts
This pack includes XSIAM content.
Collect Events from Vendor
In order to use the collector, you can use the following option to collect events from the vendor:
You will need to configure the vendor and product for this specific collector.
You will need to use the information described here.\
You can configure the specific vendor and product for this instance.
- Navigate to Settings -> Configuration -> Data Broker -> Broker VMs.
- Right-click, and select Syslog Collector -> Configure.
- When configuring the Syslog Collector, set: