Incident response

Plixer One Enterprise combines Plixer Scrutinizer’s deep, environment-wide visibility and intuitive UI-driven workflows with advanced detection techniques for security events to enhance a team’s ability to respond to threats.

Overview

Plixer Scrutinizer’s “single-pane-of-glass” feature set is designed to provide broad network observability through web interface functions and views that work together to streamline monitoring and investigative activities.

Full visibility supporting incident response and other security processes

As part of an incident response plan, Plixer Scrutinizer gives SecOps teams the traffic and device information they need for investigation and remediation:

  • Get comprehensive, contextualized details for intrusion detection system (IDS) and intrusion prevention system (IPS) events

  • Access full network traffic forensics to monitor and investigate security information management (SIM) events

  • View full IP to MAC address mapping history for all connected devices and endpoints

  • See real-time and historical endpoint context and location

  • Assess endpoint risk through layer 2 historical location tracing

  • Glean additional insights from detection details via MITRE ATT&CK, STIX/TAXII, and other integrations
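
The IP-to-MAC history and layer 2 location tracing above matter during response because an IP address in an IDS/IPS alert is only a lease-time pointer to an endpoint: on a DHCP network the same address can belong to a different machine an hour later. The following added example (not Plixer Scrutinizer code; the binding history, switch names, ports and alert are constructed sample data) shows how a responder resolves an alert timestamp against a binding history to recover the MAC address and switch port that held the address at that moment, and how the lookup reports a gap instead of guessing when no binding covers the alert time:

```python
"""Attribute an IDS alert to the endpoint that held its IP at alert time.

Added illustration, not part of Plixer Scrutinizer. HISTORY and the alert
in __main__ are constructed sample data (hypothetical MACs, switches, ports).
"""
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Binding:
    """One observed IP-to-MAC binding and the layer 2 location it was seen at."""
    ip: str
    mac: str
    first_seen: datetime
    last_seen: datetime
    switch: str
    port: str


def _ts(s: str) -> datetime:
    """Parse an ISO-8601 timestamp and treat it as UTC."""
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


# Constructed binding history, as would be assembled from ARP tables, DHCP
# leases or flow metadata. Note that 10.0.5.23 changes hands at 12:30 and
# that nothing is recorded for it between 12:00 and 12:30.
HISTORY = [
    Binding("10.0.5.23", "aa:bb:cc:00:00:01", _ts("2024-03-01T08:00:00"),
            _ts("2024-03-01T12:00:00"), "sw-floor2", "Gi1/0/7"),
    Binding("10.0.5.23", "aa:bb:cc:00:00:02", _ts("2024-03-01T12:30:00"),
            _ts("2024-03-01T18:00:00"), "sw-floor3", "Gi1/0/12"),
    Binding("10.0.5.40", "aa:bb:cc:00:00:03", _ts("2024-03-01T07:00:00"),
            _ts("2024-03-01T19:00:00"), "sw-floor2", "Gi1/0/9"),
]


def binding_at(history, ip, when):
    """Return the binding that held `ip` at `when`, or None if none covers it."""
    for b in history:
        if b.ip == ip and b.first_seen <= when <= b.last_seen:
            return b
    return None


def locations_for_mac(history, mac):
    """Layer 2 location trace for one endpoint: (first_seen, switch, port), by time."""
    return sorted((b.first_seen, b.switch, b.port) for b in history if b.mac == mac)


def attribute_alert(history, alert):
    """Map an alert {'src_ip', 'ts'} to the MAC and switch port at alert time.

    A missing binding is reported explicitly rather than falling back to the
    nearest lease, because the nearest lease may belong to a different host.
    """
    b = binding_at(history, alert["src_ip"], _ts(alert["ts"]))
    if b is None:
        return {"src_ip": alert["src_ip"], "mac": None,
                "note": "no binding covers the alert time; treat attribution as unknown"}
    return {"src_ip": alert["src_ip"], "mac": b.mac, "switch": b.switch, "port": b.port}


if __name__ == "__main__":
    # Constructed alert: the IP alone would point at the wrong desk before 12:00.
    alert = {"src_ip": "10.0.5.23", "ts": "2024-03-01T15:10:00", "sig": "constructed-alert-1"}
    result = attribute_alert(HISTORY, alert)
    print(result)
    if result["mac"]:
        for seen, switch, port in locations_for_mac(HISTORY, result["mac"]):
            print(f"{seen.isoformat()} {switch} {port}")
```

The same lookup generalizes to any alert source (SIM/SIEM events, NetFlow anomalies) as long as the timestamp is in the same clock domain as the binding history; clock skew between the sensor and the switch or DHCP server is the usual reason an attribution lands in a gap or on the wrong lease.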

Web interface functions that promote more efficient response strategies and procedures

Plixer Scrutinizer enables more efficient general security and incident response workflows through multiple functions/features, including:

Workflows

The following workflows show how the additional visibility and workflow enhancements enabled by Plixer Scrutinizer can be leveraged by SecOps teams for monitoring and incident response: