One Article Review

Home - The article:
Source: AlienVault Blog
Identifier: 620360
Publication date: 2018-05-01 13:00:00 (viewed: 2018-05-01 15:07:50)
Title: AlienVault Monthly Product Roundup April 2018
Text: We are continuously making improvements and rolling out new features to USM Anywhere to help your team be more effective at detecting and responding to threats. You can keep up with USM Anywhere releases by reading our release notes in the AlienVault Product Forum. Here is a roundup of the highlights from our April 2018 releases:

Go Threat Hunting with OTX Endpoint Threat Hunter™: Okay, so technically this one is not a USM Anywhere feature, but it is very cool (and free!) and worth the mention here. Earlier this month, we launched OTX Endpoint Threat Hunter™, a new free service in Open Threat Exchange® (OTX™) that allows anyone to hunt for malware and other threats on their endpoints using the indicators of compromise (IOCs) catalogued in OTX. It's powerful, easy to use, and completely free.

Introducing our not-so-secret Agent, man: OTX Endpoint Threat Hunter is powered by the AlienVault Agent, a lightweight and adaptable endpoint agent based on osquery. We plan to extend the use of the AlienVault Agent in USM Anywhere and have already begun to invite USM Anywhere users to request early access to the AlienVault Agent through the product, under the new Agents page. Participation in early access is limited. The AlienVault Agent provides deep visibility into your environment with File Integrity Monitoring and event forwarding on Windows and Linux endpoints. It is simple and fast to install and has a small footprint. With the AlienVault Agent, you can get to endpoint security insights quickly, without the cost and complexity of a standalone endpoint security solution. We'll announce general availability later this year, so stay tuned!

Leveling up our sensor security: In an effort to constantly improve our security hygiene (we already floss daily), this month we added secure transport capabilities to USM Anywhere sensors. USM Anywhere now supports syslog over TCP (port 601) and secure transport through TLS (port 6514), so you can rest easier at night.

Show me the data sources: When it comes to data collection for threat detection, the first and most important thing to know is whether your data sources are supported and how. To make it easier and faster to navigate data collection in USM Anywhere, we added a new Data Sources menu to the main navigation. This menu consolidates all the different ways USM Anywhere collects data from your environment: Sensors, Agents, and Integrations. The new Integrations page includes tabs for Plugins, Sensor Apps, and AlienApps, which now includes the Forensics and Response App. In addition, we streamlined the existing Settings menu, again making USM Anywhere simple and fast to use.

New and improved data sources: Speaking of data sources, we regularly add support for new data sources and improve our methods of collection, parsing, and normalization for existing data sources. You can always find our full list of data sources, including AlienApps and plugins, here. If you don't see a data source here that you want to support, fear not. AlienVault will build support for most commercially available products at no additional charge. You can submit a request
Sent: Yes


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.