SOC Workbench - Threat Investigation
Security leaders know that speed matters when responding to threats. This video demo showcases how the eSentire SOC Workbench enables analysts to move from alert to actionable response with unmatched speed and precision. Watch the demo to understand how this SOC workbench could strengthen your defenses, and contact Weston Technology Group, LLC to explore a personalized deployment.
What is the Investigation Workbench?
The Investigation Workbench is a feature within the Insight portal that helps analysts conduct threat investigations. It provides an enrichment tool called the investigation co-pilot, which pulls additional context and information from vendors regarding log activity. This assists analysts in making informed conclusions about potential threats.
How does the system identify compromised users?
The system identifies compromised users by analyzing sign-in patterns and activities. For example, if a user typically signs in from Ireland but suddenly has multiple sign-ins from locations like the United States, Nigeria, and Tanzania within a short time frame, it raises a flag. Additionally, suspicious activities such as the creation of unusual inbox rules and the use of untrusted devices are also indicators of compromise.
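The sign-in pattern described above can be expressed as simple detection logic. The following is an added example written for this page, not eSentire's or Weston Technology Group's own code, run over constructed sign-in and mailbox-audit events: it establishes a user's usual country, looks for several distinct countries inside a short window, counts sign-ins from untrusted devices outside that home country, and flags new inbox rules that hide or redirect mail. The thresholds and keyword list are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real portal data). "alice" normally signs in from
# Ireland, then shows US, Nigeria and Tanzania sign-ins within an hour, from
# untrusted devices, plus a new inbox rule. "bob" is a benign control case.
SIGN_INS = [
    {"user": "alice", "ts": "2024-05-01T08:00:00", "country": "IE", "trusted_device": True},
    {"user": "alice", "ts": "2024-05-02T08:05:00", "country": "IE", "trusted_device": True},
    {"user": "alice", "ts": "2024-05-03T09:10:00", "country": "IE", "trusted_device": True},
    {"user": "alice", "ts": "2024-05-04T10:00:00", "country": "US", "trusted_device": False},
    {"user": "alice", "ts": "2024-05-04T10:20:00", "country": "NG", "trusted_device": False},
    {"user": "alice", "ts": "2024-05-04T10:45:00", "country": "TZ", "trusted_device": False},
    {"user": "bob",   "ts": "2024-05-04T09:00:00", "country": "IE", "trusted_device": True},
    {"user": "bob",   "ts": "2024-05-04T17:30:00", "country": "IE", "trusted_device": True},
]
AUDIT_EVENTS = [
    {"user": "alice", "ts": "2024-05-04T10:30:00", "op": "New-InboxRule",
     "rule": "if subject contains 'invoice' -> move to 'RSS Subscriptions', mark read"},
    {"user": "bob",   "ts": "2024-05-04T09:15:00", "op": "Set-Mailbox", "rule": ""},
]

# Heuristic markers for inbox rules that hide or redirect mail (an assumed list,
# not a vendor signature).
SUSPICIOUS_RULE_MARKERS = ("rss", "delete", "forward", "mark read", "archive")


def _parse(ts):
    return datetime.fromisoformat(ts)


def baseline_country(events):
    """Most frequent sign-in country in a user's history: their 'home' location."""
    return Counter(e["country"] for e in events).most_common(1)[0][0]


def find_indicators(sign_ins, audit_events, window=timedelta(hours=1), min_countries=2):
    """Return {user: [indicator, ...]} for users whose activity matches the patterns."""
    by_user = defaultdict(list)
    for e in sign_ins:
        by_user[e["user"]].append(e)

    findings = defaultdict(list)
    for user, events in by_user.items():
        events.sort(key=lambda e: _parse(e["ts"]))
        home = baseline_country(events)

        # Sliding window: the largest set of distinct countries seen within
        # `window` of any single sign-in.
        best = set()
        for i, start in enumerate(events):
            t0 = _parse(start["ts"])
            countries = {e["country"] for e in events[i:] if _parse(e["ts"]) - t0 <= window}
            if len(countries) > len(best):
                best = countries
        if len(best) >= min_countries and best - {home}:
            findings[user].append(
                f"{len(best)} countries within {window}: {', '.join(sorted(best))} (home={home})")

        # Sign-ins from untrusted devices outside the home country.
        untrusted = [e for e in events if not e["trusted_device"] and e["country"] != home]
        if untrusted:
            findings[user].append(f"{len(untrusted)} sign-ins from untrusted devices outside {home}")

    # Newly created inbox rules whose actions hide or redirect mail.
    for a in audit_events:
        if a["op"] == "New-InboxRule" and any(m in a["rule"].lower() for m in SUSPICIOUS_RULE_MARKERS):
            findings[a["user"]].append(f"new inbox rule at {a['ts']}: {a['rule']}")

    return {u: inds for u, inds in findings.items() if inds}


def likely_compromised(findings, min_indicators=2):
    """Users with at least `min_indicators` independent indicators, sorted by name."""
    return [u for u, inds in sorted(findings.items()) if len(inds) >= min_indicators]


if __name__ == "__main__":
    result = find_indicators(SIGN_INS, AUDIT_EVENTS)
    for user, inds in result.items():
        print(user)
        for ind in inds:
            print("  -", ind)
    print("likely compromised:", likely_compromised(result))
```

Each indicator on its own is weak (travelers cross borders, people do create inbox rules), which is why the final call requires more than one independent signal per user; in a real workbench the enrichment step would add context such as the device identity and the rule's full action list before an analyst concludes.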
What role does telemetry play in investigations?
Telemetry plays a crucial role in the investigation process by providing detailed information about processes running on an endpoint. It helps analysts build a process tree, allowing them to trace back activities to their origins. For instance, if a WScript process is spawned by an application like OneNote, telemetry can reveal the chain of events leading to that execution, which is essential for understanding potential exploitation paths.
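Building the process tree from telemetry is mechanical once each process-creation record carries its parent's pid. The example below is added for this page, not eSentire's code, and works on constructed process-creation records of the kind an endpoint agent reports: it indexes them by pid, walks the parent chain to reconstruct the ancestry of any process, renders the tree the way an analyst reads it, and flags the OneNote-to-WScript chain from the text (a script host with an Office application among its ancestors). The application and script-host lists are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed process-creation telemetry (not real sensor output): one record
# per process start, linked to its parent by ppid. pid 4 is an unknown root.
PROCESS_EVENTS = [
    {"pid": 1000, "ppid": 4,    "image": "explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 2040, "ppid": 1000, "image": "ONENOTE.EXE",  "cmdline": "ONENOTE.EXE /n"},
    {"pid": 3112, "ppid": 2040, "image": "wscript.exe",
     "cmdline": 'wscript.exe "C:\\Users\\u\\AppData\\Local\\Temp\\invoice.js"'},
    {"pid": 2800, "ppid": 1000, "image": "notepad.exe",  "cmdline": "notepad.exe"},
]

# Assumed lists: Office applications and Windows script hosts of interest.
OFFICE_APPS = {"onenote.exe", "winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}


def index_events(events):
    """Map pid -> event and ppid -> [child events] so the tree can be walked both ways."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)
    return by_pid, children


def ancestry(pid, by_pid):
    """Image names from the earliest known ancestor down to `pid` (the process chain).
    Stops at a pid the telemetry does not know, and guards against cyclic data."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid]["image"])
        pid = by_pid[pid]["ppid"]
    return list(reversed(chain))


def script_hosts_from_office(events):
    """Return [(pid, chain)] for script-host processes with an Office app among their ancestors."""
    by_pid, _ = index_events(events)
    hits = []
    for e in events:
        if e["image"].lower() not in SCRIPT_HOSTS:
            continue
        chain = ancestry(e["pid"], by_pid)
        # chain[:-1] excludes the script host itself.
        if any(img.lower() in OFFICE_APPS for img in chain[:-1]):
            hits.append((e["pid"], chain))
    return hits


def render_tree(events, root_pid):
    """Indented text view of the subtree under root_pid, one process per line."""
    by_pid, children = index_events(events)
    lines = []

    def walk(pid, depth):
        e = by_pid[pid]
        lines.append(f"{'  ' * depth}{e['image']} (pid {pid}): {e['cmdline']}")
        for child in sorted(children[pid], key=lambda c: c["pid"]):
            walk(child["pid"], depth + 1)

    walk(root_pid, 0)
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_tree(PROCESS_EVENTS, 1000))
    for pid, chain in script_hosts_from_office(PROCESS_EVENTS):
        print(f"script host pid {pid} launched via: {' -> '.join(chain)}")
```

The chain for pid 3112 comes back as explorer.exe -> ONENOTE.EXE -> wscript.exe, which is exactly the origin question the text describes: the script host did not appear on its own, it was spawned by a document-handling application, so the investigation turns to what OneNote opened and where that file came from.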
Published by Weston Technology Group, LLC.
Our Vision
Our vision is to provide affordably priced services that allow small and medium-sized businesses to leverage state-of-the-art cloud technologies. In turn, this allows our clients to gain a competitive advantage in their industry and scale with the natural peaks and valleys of business. We're driven by the philosophy that if we help business leaders solve their IT problems so they can become more profitable, productive, and successful, then we will inherently grow along with them.
Reasons
- Rapid Response - Emergency response time is one hour or less, guaranteed. We can log in to your PC or server remotely and resolve many issues immediately, without waiting for a technician to travel to your location.
- Reputable - WTG has been around since 2004 and is a respected leader in the community and the industry.
- Experienced - We hire only seasoned, professional technicians with at least 5-10 years' experience, and usually many more.
- Business Savvy - We design, implement and manage technology solutions from a thorough understanding of the business benefit for your company.
- Proactive - Our service philosophy is proactive, not reactive. With state-of-the-art network monitoring and management, we manage your network 24/7 to identify issues and address them BEFORE they become problems, rather than putting out fires.
- Comprehensive Project Management - Our extensive experience managing all types of complex projects means we will handle every detail and coordinate all vendors, so you can rest assured that your project will be completed on time and on budget.
- No Geek Speak - You deserve to have your questions answered in plain English. Our technicians will clearly explain what is happening so you understand.