Responding to Alarm Monitor security alerts
Plixer Scrutinizer leverages a range of technologies to alert users to anomalous and potentially malicious network activity through its library of Alarm Policies. Once policy violations are reported via the Alarm Monitor views, security teams can drill into individual event details to evaluate whether further investigation is necessary.
Workflow
To investigate an Alarm Policy violation (e.g., Data Exfiltration, Data Accumulation) reported in the Alarm Monitor:
1. Click the Alarm Policy to open its summary view.
2. Review the activity timeline and the hosts involved.
3. If further investigation is warranted, drill into the individual event artifacts for more detail.
4. Click the icon next to an IP address or hostname to run a report that is automatically filtered on that host and examine the additional activity and hosts associated with the event.
Hint
For additional context on how and why the host was compromised, review all alarms raised in the period leading up to the policy violation, not just the violation itself.
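The triage the hint describes, pivoting on the host named in a violation and ordering the alarms that preceded it, as an added example that is not part of this page or of Scrutinizer. The alarm records, the `Alarm` field layout, the default 24-hour lookback and every policy name other than Data Exfiltration and Data Accumulation are constructed for the example; it does not use Scrutinizer's export format or API.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List

# Constructed record shape for this example; not Scrutinizer's export format.
@dataclass(frozen=True)
class Alarm:
    ts: datetime
    policy: str
    host: str   # host that triggered the policy
    peer: str   # other endpoint observed in the event

# Constructed sample alarms. Only "Data Exfiltration" and "Data Accumulation"
# are policy names taken from the page; the others are made up for this example.
SAMPLE_ALARMS: List[Alarm] = [
    Alarm(datetime(2024, 2, 20, 3, 0), "Brute Force Login", "10.1.5.23", "198.51.100.2"),
    Alarm(datetime(2024, 3, 1, 8, 2), "Unusual DNS Traffic", "10.1.5.23", "8.8.8.8"),
    Alarm(datetime(2024, 3, 1, 10, 0), "Inbound Port Scan", "10.1.7.9", "10.1.5.23"),
    Alarm(datetime(2024, 3, 1, 9, 15), "Internal Recon", "10.1.5.23", "10.1.5.40"),
    Alarm(datetime(2024, 3, 1, 9, 40), "Data Accumulation", "10.1.5.23", "10.1.5.40"),
    Alarm(datetime(2024, 3, 1, 11, 5), "Data Exfiltration", "10.1.5.23", "203.0.113.7"),
    Alarm(datetime(2024, 3, 1, 12, 30), "Unusual DNS Traffic", "10.1.9.4", "8.8.8.8"),
]


def find_violations(alarms: Iterable[Alarm], policy: str) -> List[Alarm]:
    """All alarms for one policy (e.g. Data Exfiltration), oldest first."""
    return sorted((a for a in alarms if a.policy == policy), key=lambda a: a.ts)


def preceding_alarms(alarms: Iterable[Alarm], violation: Alarm,
                     lookback: timedelta = timedelta(hours=24)) -> List[Alarm]:
    """Alarms in the lookback window before the violation that involve the
    violating host on either side of the flow, ordered chronologically.

    Matching on both host and peer matters: earlier reconnaissance against the
    host shows up with the host as the peer, not as the triggering host.
    """
    start = violation.ts - lookback
    related = [
        a for a in alarms
        if violation.host in (a.host, a.peer) and start <= a.ts < violation.ts
    ]
    return sorted(related, key=lambda a: a.ts)


def involved_hosts(alarms: Iterable[Alarm]) -> List[str]:
    """Every host or peer address seen in the given alarms, deduplicated."""
    hosts = set()
    for a in alarms:
        hosts.update((a.host, a.peer))
    return sorted(hosts)


def timeline_lines(violation: Alarm, preceding: List[Alarm]) -> List[str]:
    """Render the preceding alarms plus the violation as a readable timeline."""
    lines = [
        f"{a.ts:%Y-%m-%d %H:%M}  {a.policy:<20} {a.host} -> {a.peer}"
        for a in preceding
    ]
    lines.append(
        f"{violation.ts:%Y-%m-%d %H:%M}  {violation.policy:<20} "
        f"{violation.host} -> {violation.peer}  <-- violation under review"
    )
    return lines


if __name__ == "__main__":
    for v in find_violations(SAMPLE_ALARMS, "Data Exfiltration"):
        prior = preceding_alarms(SAMPLE_ALARMS, v)
        print("\n".join(timeline_lines(v, prior)))
        print("Hosts involved:", ", ".join(involved_hosts(prior + [v])))
```

The window keeps stale alarms (the February brute-force attempt) out of the timeline, and matching the violating host as either endpoint is what surfaces the inbound scan from 10.1.7.9 that a host-only filter would miss; both are the kind of detail the hint is asking the analyst to look for before closing the alert.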