SOCFortress Platform
Interacting With The SOCFortress Platform
FREE TRIAL: https://www.socfortress.co/trial.html
Intro
At SOCFortress we provide three main platforms for our users, each covering one focus point:
- Security Event Dashboards
- Case Management
- Threat Intel
Our security dashboards provide your SOC analysts with all data collected from endpoints, network devices, and service providers such as Office 365. The case management platform enables collaboration amongst your SOC analysts as they work together to quickly pinpoint and mitigate potential breaches. Our threat intel, backed by more than 1 million current Indicators of Compromise (IoCs), quickly pinpoints high-severity alerts.
Security Event Dashboards
Our security dashboards provide detailed visibility into all activity collected from your endpoints, network devices, and more. To view all of your endpoint alerts, select EDR-_SUMMARY under the “DASHBOARDS & TELEMETRY” section of your home dashboard.
You are presented with all alerts originating from any host within your environment. The top right section of the window lists all high-severity alerts. Scrolling down the page, we see all of our alerting groups.
Lastly, we come to all alerts regardless of severity level.
To dive deeper into an alert, simply select its event ID.
Selecting the drop down then opens up all the metadata around the alert. Uh oh, here we see that the user “jromero” established a network connection via telnet to a known malicious IP address.
Let us now take a look at all other network connections made from this endpoint. First, select the home icon to return to the home dashboard.
Then select the “Network Connections” Dashboard.
Here we also see the flagged IP address, together with the other network connections this endpoint made around the same timeframe, which is where the analyst looks for follow-on activity.
Next, the “System Vulnerabilities” Dashboard shows the vulnerable software running on our endpoints. First go back to the Home page.
Here we can view all vulnerable software installed on our endpoints, together with the severity level of each finding.
View the latest IoCs by selecting the “Threat Intel Database” Dashboard.
The dashboards detailed above are just a few of those we provide. Start exploring on your own and dig into all of your data!
Have a suggestion? Reach out to us through our support portal: https://servicedesk.socfortress.co/help/2979687893
Case Management
Any efficient SOC team relies on a case management platform that turns the alerts needing further analysis into trackable cases. At SOCFortress we provide a case management platform built around automation, so that high-severity alerts are brought in front of our analysts’ eyes without manual triage.
Here we see an SSH connection that was established to a known botnet.
Our SOC team can create tasks for the case and assign them to one another to remediate the alert.
Threat Intel
No SIEM is complete without a strong backend of threat intelligence. SOCFortress IoC feeds, containing more than 1 million observables, help our analysts quickly pinpoint the events that require attention amidst a sea of alerts. Looking at our previous Case Management example, we see a hyperlink to the report for the IP address associated with the botnet.
The SOCFortress hunting platform gives our analysts the ability to read up further on this known botnet and to pinpoint the other observables that are part of the same malware campaign.
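To make the matching step behind these alerts concrete, the following Python sketch is an added example written for this post and is not SOCFortress code: it runs constructed endpoint network-connection events against a constructed IoC list, raises an alert for every destination that matches (the telnet and SSH cases above are the high-severity ones), and pivots from a hit to the other observables tagged with the same campaign. All feed entries, event field names, hosts, users and IP addresses are made up for illustration and use RFC 5737 documentation ranges.

```python
import ipaddress
from typing import Optional

# Constructed IoC feed (made-up values in RFC 5737 documentation ranges).
# A real feed would carry far more entries; the record shape is an assumption.
IOC_FEED = [
    {"value": "198.51.100.23", "type": "ip", "campaign": "example-botnet", "confidence": 90},
    {"value": "203.0.113.0/24", "type": "cidr", "campaign": "example-botnet", "confidence": 70},
    {"value": "192.0.2.77", "type": "ip", "campaign": "telnet-scanner", "confidence": 80},
]

# Constructed endpoint network-connection events. Hosts, users and field
# names are hypothetical; this is not any vendor's event schema.
EVENTS = [
    {"ts": "2021-06-01T10:00:00Z", "host": "WS01", "user": "jromero", "dst_ip": "192.0.2.77", "dst_port": 23},
    {"ts": "2021-06-01T10:00:04Z", "host": "WS01", "user": "jromero", "dst_ip": "192.0.2.10", "dst_port": 443},
    {"ts": "2021-06-01T10:02:11Z", "host": "SRV02", "user": "svc_backup", "dst_ip": "198.51.100.23", "dst_port": 22},
    {"ts": "2021-06-01T10:02:30Z", "host": "SRV02", "user": "svc_backup", "dst_ip": "203.0.113.9", "dst_port": 443},
    {"ts": "2021-06-01T10:03:00Z", "host": "SRV02", "user": "svc_backup", "dst_ip": "not-an-ip", "dst_port": 80},
]

SERVICE_NAMES = {22: "ssh", 23: "telnet", 3389: "rdp", 443: "https"}
REMOTE_ACCESS_PORTS = {22, 23, 3389}


def build_index(feed):
    """Split the feed into an exact-IP dict (O(1) lookup) and a CIDR list."""
    exact, networks = {}, []
    for ioc in feed:
        if ioc["type"] == "ip":
            exact[ipaddress.ip_address(ioc["value"])] = ioc
        elif ioc["type"] == "cidr":
            networks.append((ipaddress.ip_network(ioc["value"], strict=False), ioc))
    return exact, networks


def lookup(index, ip_str: str) -> Optional[dict]:
    """Return the IoC matching a destination address, or None."""
    exact, networks = index
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return None  # malformed field: bad telemetry must not crash the pipeline
    if ip in exact:
        return exact[ip]
    for net, ioc in networks:
        if ip in net:
            return ioc
    return None


def severity(ioc: dict, dst_port: int) -> str:
    """Interactive remote access (ssh/telnet/rdp) to a known-bad host is always
    high severity; otherwise fall back on the feed's confidence score."""
    if dst_port in REMOTE_ACCESS_PORTS:
        return "high"
    return "high" if ioc["confidence"] >= 80 else "medium"


def enrich(events, feed):
    """Tag every event whose destination matches the feed with the IoC details."""
    index = build_index(feed)
    alerts = []
    for ev in events:
        ioc = lookup(index, ev["dst_ip"])
        if ioc is None:
            continue
        alerts.append({
            "ts": ev["ts"],
            "host": ev["host"],
            "user": ev["user"],
            "dst_ip": ev["dst_ip"],
            "service": SERVICE_NAMES.get(ev["dst_port"], str(ev["dst_port"])),
            "ioc": ioc["value"],
            "campaign": ioc["campaign"],
            "severity": severity(ioc, ev["dst_port"]),
        })
    return alerts


def related_observables(feed, campaign: str, exclude: str):
    """Pivot from one hit to the other observables tagged with the same campaign."""
    return sorted(i["value"] for i in feed if i["campaign"] == campaign and i["value"] != exclude)


if __name__ == "__main__":
    for a in enrich(EVENTS, IOC_FEED):
        print(f'{a["severity"]:6} {a["host"]}/{a["user"]} -> {a["dst_ip"]} ({a["service"]}) '
              f'matches {a["ioc"]} [{a["campaign"]}]')
    print("related:", related_observables(IOC_FEED, "example-botnet", "198.51.100.23"))
```

Two design points carry over to any real deployment: the exact-IP lookup is a hash lookup so the cost does not grow with a million-entry feed, and the CIDR entries are kept separately because they need a linear or prefix-tree scan; and a malformed destination field is dropped silently rather than allowed to raise, since one bad event should never stall enrichment of the rest.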
Conclusion
This post is just a brief insight into the SOCFortress platform and its offerings. Feel free to explore on your own through our customer demo, or start working with your own data through our 30 day free trial.
Demo: https://www.socfortress.co/demo_access.html
Free Trial: https://www.socfortress.co/trial.html
Need Help?
The functionality discussed in this post, and much more, is available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.
Website: https://www.socfortress.co/
Platform Demo: https://www.socfortress.co/demo_access.html