One Article Review

Home - The article:
Source: AlienVault Blog
Identifier: 829946
Publication date: 2018-10-03 13:00:00 (seen: 2018-10-03 16:00:41)
Title: AlienVault Agent Now Has Improved Filtering Capabilities
Text: On July 31st, we publicly launched new endpoint detection and response (EDR) capabilities in USM Anywhere, AlienVault’s unified solution for complete threat detection, response, and compliance. With EDR built into USM Anywhere, users can centralize security monitoring of their endpoint and network activities across cloud and on-premises environments, without the need to deploy, integrate, and manage a separate solution. The platform automatically correlates security events from across their IT infrastructure using continuous threat intelligence from the AlienVault Labs Security Research Team, helping security teams quickly detect, prioritize, and respond to threats.

Customers have been excited to use the new capabilities, which are enabled by the AlienVault Agent, a lightweight endpoint agent based on osquery that performs continuous endpoint monitoring as part of the unified platform. Amidst the positive feedback for the Agent, we’ve also asked customers to share the most important ways we can continue to improve its functionality. More granular control over the data the Agent collects has been the most requested enhancement.

Today, we’re pleased to deliver the ability to filter events from the AlienVault Agent for added control over your data consumption. Now, you can create a filtering rule directly from any agent-based event in USM Anywhere, making it fast and easy to customize the data you collect.

Filtering rules aren’t the only way to regulate your data consumption with the AlienVault Agent. When you deploy the Agent, you immediately leverage the expertise of the AlienVault Labs Security Research Team to manage your data usage with the “optimized” configuration profile, which is selected by default. The Labs Team designed this configuration profile to collect only the security-relevant data from your endpoints, enabling you to get up and running quickly without consuming more data than you need.

Alternatively, you can choose to collect additional endpoint data, including syslog events, by switching to the “full” profile. With either configuration profile, you can add filtering rules for additional control over the type of data the agent collects.

Deploying the AlienVault Agent extends USM Anywhere’s powerful threat detection and response capabilities to the endpoint, enabling you to detect modern threats and monitor critical files (FIM) on your Windows and Linux endpoints. Continuous threat intelligence from the AlienVault Labs Security Research Team ensures the AlienVault Agent’s queries are always up-to-date to detect the latest threats. Unlike point security solutions, USM Anywhere combines multiple security capabilities into a unified cloud platform, including EDR, SIEM, IDS, vulnerability assessment, and more, giving you the essential security capabilities you need in a single pane of glass, drastically reducing cost and complexity.

Learn more about the AlienVault Agent and the new EDR capabilities in USM Anywhere:
- Try it out (and create your own filtering rule!) in our interactive demo experience
- Read the EDR solution brief
- See a real-world example of malware
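The post describes filtering rules that suppress selected agent events to cut data consumption. The Python below is an added illustration of that idea, not AlienVault's or osquery's code: the rule format (an osquery query name plus field/operator/value conditions) is an assumption, and the events are constructed to look like osquery result rows. The point a practitioner should take from it is the dry-run step: a filter that quietly drops a password-file modification along with web-server log churn is a detection gap, so every rule is previewed against recent events before it is enabled.

```python
"""Event filtering for an osquery-based endpoint agent (illustration).

Added example, not AlienVault's implementation. The rule grammar below
(query name + AND-ed field conditions) is an assumption for the example.
"""
from dataclasses import dataclass
from typing import Any, Dict, List, Tuple

Event = Dict[str, Any]

# Constructed osquery-style results: the scheduled query's name and one row.
SAMPLE_EVENTS: List[Event] = [
    {"name": "file_events", "hostIdentifier": "web-01",
     "columns": {"target_path": "/var/log/nginx/access.log", "action": "UPDATED"}},
    {"name": "file_events", "hostIdentifier": "web-01",
     "columns": {"target_path": "/var/log/nginx/error.log", "action": "UPDATED"}},
    {"name": "file_events", "hostIdentifier": "web-01",
     "columns": {"target_path": "/etc/passwd", "action": "UPDATED"}},
    {"name": "process_events", "hostIdentifier": "web-01",
     "columns": {"path": "/usr/sbin/logrotate", "cmdline": "logrotate /etc/logrotate.conf"}},
    {"name": "process_events", "hostIdentifier": "web-01",
     "columns": {"path": "/tmp/update", "cmdline": "/tmp/update --quiet"}},
]

# Comparison operators supported by the hypothetical rule grammar.
OPERATORS = {
    "eq": lambda actual, value: actual == value,
    "startswith": lambda actual, value: actual.startswith(value),
    "contains": lambda actual, value: value in actual,
}


@dataclass(frozen=True)
class FilterRule:
    """Suppress events of `query` whose columns satisfy every condition.

    An empty condition tuple matches every event of that query, which is
    exactly the kind of over-broad rule `preview_rule` is meant to expose.
    """
    name: str
    query: str
    conditions: Tuple[Tuple[str, str, str], ...] = ()

    def matches(self, event: Event) -> bool:
        if event.get("name") != self.query:
            return False
        columns = event.get("columns", {})
        for field, op, value in self.conditions:
            actual = columns.get(field)
            if actual is None or not OPERATORS[op](str(actual), value):
                return False
        return True


def apply_filters(events: List[Event], rules: List[FilterRule]):
    """Split events into (kept, dropped); any matching rule drops the event."""
    kept: List[Event] = []
    dropped: List[Event] = []
    for event in events:
        (dropped if any(r.matches(event) for r in rules) else kept).append(event)
    return kept, dropped


def preview_rule(rule: FilterRule, events: List[Event]) -> Dict[str, Any]:
    """Dry-run a rule against a recent sample before enabling it."""
    hits = [e for e in events if rule.matches(e)]
    share = len(hits) / len(events) if events else 0.0
    return {"dropped": len(hits), "share": round(share, 2)}


def is_over_broad(rule: FilterRule, events: List[Event], max_share: float = 0.5) -> bool:
    """Flag a rule that would silence more than `max_share` of the sample."""
    return preview_rule(rule, events)["share"] > max_share


# A narrow rule: only nginx log churn under /var/log/nginx/ is dropped.
NOISY_NGINX_LOGS = FilterRule(
    "nginx-log-churn", "file_events",
    (("target_path", "startswith", "/var/log/nginx/"), ("action", "eq", "UPDATED")),
)
# An over-broad rule: no conditions, so it silences all file integrity events,
# including the /etc/passwd change above.
ALL_FILE_EVENTS = FilterRule("all-fim", "file_events")

if __name__ == "__main__":
    for rule in (NOISY_NGINX_LOGS, ALL_FILE_EVENTS):
        print(rule.name, preview_rule(rule, SAMPLE_EVENTS),
              "OVER-BROAD" if is_over_broad(rule, SAMPLE_EVENTS) else "ok")
    kept, dropped = apply_filters(SAMPLE_EVENTS, [NOISY_NGINX_LOGS])
    print(f"kept {len(kept)}, dropped {len(dropped)}")
```

Two design choices carry the defender's point: rules are scoped to one query so a filter written for file events can never touch process events, and the preview reports what share of recent telemetry a rule would suppress, so an operator sees that the no-condition rule silences three of five events, one of them a change to `/etc/passwd`, before it ever takes effect.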
Sent: Yes
Tags: Malware, Vulnerability, Threat


The article does not appear to have been picked up after its publication.


The article does not appear to repeat an earlier one.