Many of the threats discussed in the Verizon DBIR can be addressed with StealthINTERCEPT, and a little-known feature called Investigate makes it easy for users to quickly retrieve the policies they care most about.
StealthINTERCEPT’s Investigate feature allows users to easily view specified events across all available Policies. Defining Policies (the Who, When, Where, What, and more) helps users see the full picture of activity. While this is especially useful for any kind of security review, it also provides continuing operational visibility.
I personally like to have quick access to Account Lockouts over the last 24 hours, set up like so:
Once defined, selecting the highlighted Save icon allows these same parameters to be quickly referenced again. Saved Investigations are available in the console to Administrator and Console Operator users. They are also available to Report Users right in the Web Reporting Console:
This Investigate feature helps make your most useful views both easy to create and easily accessible. Remember, these can be configured as desired, so make them work for you, whatever your role may be while using StealthINTERCEPT!
Jeff is a Senior Engineer at STEALTHbits.