This document identifies the detections that are available to CyFlare clients from the identified managed security services.
Filters & Definitions
- This represents whether the default mode for the detection. It may be On or Off by default for various reasons.
Solution Name -
This is the CyFlare given name for an offered managed security solution.
Solution Category -
This is the CyFlare given category name for the managed security solution.
- Represents the unique name for that detection based on the use case that triggers that detection into the SOC.
- This represents a CyFlare methodology for normalizing security events across various SIEM & Security solutions.
- There are 2 options available. There are built in detections available labeled as "Product Feature" and custom detections enabled by the SOC labeled as "CyFlare Threat Hunter".
- This is the default action the CyFlare ONE platform will take when executing your playbooks. There are a few options available:
- No automatic triage or enrichment is required and the detection is sent directly to human triage queue
Conditional Auto Close
- The detection may be automatically closed once evaluating against the context fields you provided as part of your onboarding and ongoing communications with the SOC. If the conditions match the event may automatically be ticketed.
Conditional Auto Ticket
- The detection may be automatically ticketed once evaluating against the context fields you provided as part of your onboarding and ongoing communications with the SOC. If the conditions match the event may automatically be ticketed.
- The detection is automatically evaluated and processed to create a ticket
MITRE ATT&CK Tactic
- denoting short-term, tactical adversary goals during an attack
MITRE ATT&CK Technique
- describing the means by which adversaries achieve tactical goals
The below application lists out the available options using various filters to narrow the focus based on the criteria.