XMCyber continuously finds attack vectors to critical assets. This integration fetches events (incidents) on new critical assets at risk, new choke points, and trends in the overall risk score. Additionally incidents are enriched with incoming attack vectors to the incident's endpoints, and critical assets at risk form the incident.
- New attack path to a critical asset triggers alerts and options to quarantine/disconnect/patch
- New attack technique triggers alerts and options to change policy, and scan endpoints
- Incidents from EDRs are enriched with critical asset information and if the severity is high then action can be taken