More explanations about IoEs
Signed-off-by: Julien CLEMENT <julien.clement@epita.fr>
Parent
4652c9dcff
Commit
9e0918dbcb
|
@ -263,7 +263,7 @@
|
|||
{
|
||||
"type": 1,
|
||||
"content": {
|
||||
"json": "# Indicators of Exposure\r\nOur IoEs are behavioral detection indicators powered by the latest intelligence on the Active Directory threat landscape. Our team builds our IoEs from technical indicators (IOCs) and tactics, techniques and procedures (commonly referred as TTPs), and disseminate them to our users’ platforms transparently, therefore ensuring a permanent state-of-the-art detection capability.\r\n\r\n\r\n**Alsid for AD** measures the security maturity of your AD infrastructures through Indicators of Exposure (IoEs) and assigns severity levels (**Critical**, **High**, **Medium** or **Low**) to the constant flow of events that is being monitored and analyzed.\r\n\r\n\r\nFrom **Alsid for AD** interface, the **Indicators of Exposure** page displays IoE tiles arranged in the following order:\r\n\r\n- By severity level via color codes (red for Critical, orange for High, yellow for Medium and blue for Low).\r\n\r\n- Vertically, by order of severity (red for top priority and blue for least priority).\r\n\r\n- Horizontally, by order of complexity (starting with the least complex cases and ending with the most complex cases). The complexity indicator is dynamically computed by Alsid's platform to describe how difficult it will be for the Administration team to fix the deviant IoE.\r\n\r\n\r\nIn case of security regressions, **Alsid for AD** will trigger alerts."
|
||||
"json": "# Indicators of Exposure\r\nOur IoEs are behavioral detection indicators powered by the latest intelligence on the Active Directory threat landscape. Our team builds our IoEs from technical indicators (IOCs) and tactics, techniques and procedures (commonly referred as TTPs), and disseminate them to our users’ platforms transparently, therefore ensuring a permanent state-of-the-art detection capability.\r\n\r\n\r\n**Alsid for AD** measures the security maturity of your AD infrastructures through Indicators of Exposure (IoEs) and assigns severity levels (**Critical**, **High**, **Medium** or **Low**) to the constant flow of events that is being monitored and analyzed.\r\n\r\n-\tCritical: The IoE is dealing with AD sensitive object that will lead to a full AD compromise is one of them is accessed by an illegitimate user\r\n-\tHigh : The IoE is either dealing with post exploitation techniques (that could allow credential thefts for example or backdooring) or with exploitation techniques which is requiring some level of administrative right to be exploited\r\n\r\n-\tMedium : The IoE is referencing a security issue that will have impact on business related data but without endangering the entire AD infrastructure\r\n\r\n-\tLow: The IoE is related to good security practices. Deviances raised by this IoE have a minimal security impact on the monitored infrastructure\r\n\r\n\r\nFrom **Alsid for AD** interface, the **Indicators of Exposure** page displays IoE tiles arranged in the following order:\r\n\r\n- By severity level via color codes (red for Critical, orange for High, yellow for Medium and blue for Low).\r\n\r\n- Vertically, by order of severity (red for top priority and blue for least priority).\r\n\r\n- Horizontally, by order of complexity (starting with the least complex cases and ending with the most complex cases). 
The complexity indicator is dynamically computed by Alsid's platform to describe how difficult it will be for the Administration team to fix the deviant IoE.\r\n\r\n\r\nIn case of security regressions, **Alsid for AD** will trigger alerts."
|
||||
},
|
||||
"customWidth": "50",
|
||||
"name": "text - 1"
|
||||
|
|
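Review bot: In the added Critical bullet, "is one of them is accessed" should read "if one of them is accessed"; as written, the sentence that defines the highest severity level does not parse. The new bullets also start with "-\t" where the existing bullets in the same string use "- ", there is only a single "\r\n" between the Critical and High items while the other new items are separated by "\r\n\r\n", and "High :" and "Medium :" carry a space before the colon while "Critical:" and "Low:" do not; aligning these keeps the rendered markdown list consistent. The High definition joins two different cases (post-exploitation techniques, and exploitation techniques that require some level of administrative right) in one sentence with "which is requiring"; splitting it into two sentences would make the criterion easier to apply when triaging an IoE.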