One Article Review

The article:
Source AlienVault Blog
Identifier 950699
Publication date 2018-12-17 14:00:00 (seen: 2018-12-17 16:00:54)
Title AlienVault Monthly Product Roundup October / November 2018
Text At AWS re:Invent recently, I spoke to several booth visitors who asked, “What’s new with AlienVault?” It was exciting to talk through some of the improvements we’ve made over the last year and see their eyes widen as the list went on. As our customers know, we regularly introduce new features to USM Anywhere and USM Central to help teams detect and respond to the latest threats. You can keep up with our regular product releases by reading the release notes in the AlienVault Product Forum. Let’s take a look at the highlights from our October and November releases:

Mac OS Support for the AlienVault Agent

In July, we announced the addition of endpoint detection and response (EDR) capabilities to USM Anywhere, enabled by the AlienVault Agent. The AlienVault Agent is an osquery-based endpoint agent that provides system-level security, including file integrity monitoring and host intrusion detection (HIDS). Over the last few months, we’ve listened carefully to customer input to guide our continued improvement of the AlienVault Agent, leading us to improve filtering rules for better control over data consumption and make a number of additional enhancements. In November, we addressed a top customer request with the addition of Mac OS support for the AlienVault Agent. Now, USM Anywhere customers can use the AlienVault Agent for continuous threat detection and file integrity monitoring (FIM) on their Linux, Windows, and Mac hosts.

AlienVault Agent Queries as Response Actions

USM Anywhere accelerates incident response with the ability to orchestrate response actions directly from an alarm. With just a few clicks, you can take an immediate, one-time action or create a rule to make sure that action happens automatically going forward. (Check out examples of automated incident response in action in this blog post.) To enhance your ability to respond swiftly and efficiently to potential threats, we’ve added a new response action to trigger AlienVault Agent queries. Like our other response actions, you can find this option directly from the detail view of an alarm or as part of an orchestration rule.

Launch AlienVault Agent Queries from Agents Page

In addition to the response action listed above, you can now trigger AlienVault Agent queries from the Agents page by clicking the “Run Agent Query” button. You can run queries against a single asset or all assets that have the AlienVault Agent installed.
Sent Yes
Tags Threat Guideline
Stories APT 23


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.