ProtectWise
Version: ProtectWise
ProtectWise is a cloud-delivered Network Detection and Response (NDR) platform. It provides a new utility model for enterprise security, delivering pervasive visibility, automated threat detection, and unlimited forensic exploration on-demand and entirely from the cloud.
Netsurion Open XDR integrates with ProtectWise to collect logs and create detailed reports, alerts, dashboards, and categories. These attributes of Netsurion Open XDR help users view and receive critical and relevant information regarding security, operations and compliance.
Reports contain a detailed summary of the threats detected by ProtectWise across IP, URL, DNS, certificate, events and more, presented as column-value pairs.
Alerts are triggered as soon as a high-score threat is received by Netsurion Open XDR for ProtectWise.
Dashboards are a graphical representation of all the activities happening in ProtectWise. These include threat category by threat level, threat by source IP, threat score for all log types and others.
These attributes or configurations of Netsurion Open XDR allow administrators to quickly take appropriate action against any threats or adversaries trying to jeopardize an organization’s normal operation.
Netsurion Data Source Integration for ProtectWise allows you to monitor the following components:
- Security – Threat Detected, IP reputation, DNS reputation, Certificate reputation, URL reputation, File reputation, Payload
- Operation – Events
Once ProtectWise is configured to deliver events to Netsurion Open XDR, alerts, dashboards and reports can be configured in Netsurion Open XDR.
The following are the key Data Source Integrations available in Netsurion Open XDR.
Alerts
Type | Name | Description |
---|---|---|
Security | ProtectWise – Threat Detected | This alert is generated when any high-score threat is detected. |
Reports
Type | Name | Description |
---|---|---|
Security | ProtectWise – IP Reputation | This report gives the threat data related to the detected IP. The report contains connection category, threat score and level, src and dst IP address, port and other fields that provide a detailed view of user activity. |
Security | ProtectWise – URL Reputation | This report gives the threat information related to the detected URL. The report contains category, threat score and level, severity, URL reputation category and other details that can be used for further investigation. |
Security | ProtectWise – File Reputation | This report gives threat information related to files detected by ProtectWise. The report contains category, file type, threat score and level and other useful details for further investigation. |
Security | ProtectWise – DNS Reputation | This report gives threat information related to the detected DNS. The report contains threat category, score, level, DNS query, src and dst IP, port and other useful information. |
Security | ProtectWise – Certificate Reputation | This report gives threat information related to certificates detected by ProtectWise. The report contains threat category, level, score, signing chain, src and dst IP and other useful information for further analysis. |
Security | ProtectWise – Payload | This report gives threat information related to payloads detected by ProtectWise. The report contains threat category, level, score, src and dst IP and other useful information for further analysis. |
Operations | ProtectWise – All Events Detected | This report gives information about resources that describe a threat and contain a collection of observations. The report contains threat category, level, score, src and dst IP and other useful information for further analysis. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.2 or later, and ProtectWise.
Download the Integration Guide and How-to Guide for configuration instructions and more information.