Knowledge Base
CyFlare Knowledge Base
Documentation For CyFlare Security Operations Center Subscribers
Recent Articles
Use Case #2: Automated Notification System (ANS)
The SOC can now integrate with specific messaging/notification tools that can generate automated notification within the customer environment for pre-defined alerting scenarios. The automated notifications will be quite generic and are designed to ...Use Case #6: Isolate Endpoint
For mEDR customers, this automation use case is meant to provide immediate response actions when dealing with endpoint-specific threats that could originate from various source tools. This automation use case collects information from the reported ...Use Case #5: Scan/Remediate/Rollback Endpoint
For mEDR customers, this automation use case is meant to provide immediate response actions when dealing with endpoint-specific threats that could originate from various source tools. This automation use case collects information from the reported ...Use Case #4: Email Integration
Exchange/Email servers are a vital part of implementing automated response actions as one of the most common entry points for malicious/unknown entities into customers’ environments. The SOC is enabled with these response actions to prevent and ...Use Case #3: Disable User Account
Active Directory response actions is intended to be utilized when a high probably user compromise incident has been identified by the SOC. The account or device associated with the incident needs to be disabled immediately to avoid further spread ...
Popular Articles
XDRaaS - Quick Start Guide (QSG)
XDRaaS – Quick Start Guide The following items will help guide you through what CyFlare’s deployment team will be working on with you, to get you ingesting data, and moving to being monitored, by the SOC, as quickly as possible. The main items that ...Use Case #1: Firewall Policy Update
Firewall response actions are the best way to deal with noisy public IPs attempting to ping/connect to external public-facing servers in the customer’s environment. This can also help respond to potential malicious IPs very quickly through automated ...Use Case #3: Disable User Account
Active Directory response actions is intended to be utilized when a high probably user compromise incident has been identified by the SOC. The account or device associated with the incident needs to be disabled immediately to avoid further spread ...Use Case #4: Email Integration
Exchange/Email servers are a vital part of implementing automated response actions as one of the most common entry points for malicious/unknown entities into customers’ environments. The SOC is enabled with these response actions to prevent and ...Use Case #5: Scan/Remediate/Rollback Endpoint
For mEDR customers, this automation use case is meant to provide immediate response actions when dealing with endpoint-specific threats that could originate from various source tools. This automation use case collects information from the reported ...