ProtectWise Integration

ProtectWise

Version: ProtectWise

ProtectWise is a cloud-delivered Network Detection and Response (NDR) platform. It provides a new utility model for enterprise security, delivering pervasive visibility, automated threat detection, and unlimited forensic exploration on-demand and entirely from the cloud.

Netsurion's Open XDR platform integrats with ProtectWise to collects logs and creates detailed reports, alerts, dashboards, and categories. These attributes of Netsurion's Open XDR platform helps user to view/receive the critical and relevant information regarding security, operations and compliance.

Reports contains a detailed summary of threat detected by ProtectWise in IP, URL, DNS, certificate, events and many more in column-value pair.

Alerts are triggered as soon as a high scored threat is received by Netsurion's Open XDR platform for ProtectWise.

Dashboards is a graphical representation of all the activities happening in ProtectWise. These include threat category by threat level, threat by source IP, threat score for all log types and others.

These attributes or configurations of Netsurion's Open XDR platform allows administrators to quickly take appropriate actions against any threat/adversaries trying to jeopardize an organization’s normal operation.

Netsurion Data Source Integration for ProtectWise allows you to monitor the following components:

Security - Threat Detected, IP reputation, DNS reputation, Certificate reputation, URL reputation, File reputation, Payload
Operation - Events

Once ProtectWise is configured to deliver events to Netsurion's Open XDR platform; alerts, dashboards and reports can be configured into Netsurion's Open XDR platform.

Some of the Data Source Integrations available in Netsurion are listed below.

Alerts

Type	Name	Description
Security	ProtectWise - Threat Detected	This alert is generated when any high score threat is detected.

Reports

Type	Name	Description
Security	ProtectWise - IP Reputation	This report gives the threat data information related to detected IP. Report contains connection category, threat score and level, src and dst IP address, port and other fields which will provide a detailed view about user activity.
Security	ProtectWise - URL Reputation	This report gives the threat information related to detected URL. Reports contains category, threat score and level, severity, URL reputation category and other details which can be used for further investigation.
Security	ProtectWise - File Reputation	This report gives threat information related to files detected by ProtectWise. Reports contains category, file type, threat score and level and other useful details for further investigation.
Security	ProtectWise - DNS Reputation	This report gives threat information related to detected DNS. Report contains threat category, score, level, DNS query, src and ds tip, port and other useful information.
Security	ProtectWise - Certificate Reputation	This report gives threat information related to detected certificate by ProtectWise. Reports contains threat category, level, score, signing chain, src and dst IP and other useful information for further analysis.
Security	ProtectWise - Payload	This report gives threat information related to payload detected by ProtectWise. Report contains threat category, level, score, src and dst IP and other useful information for further analysis.
Operations	ProtectWise - All Events Detected	This report gives information about resources that describe a threat and contains a collection of observations. Report contains threat category, level, score, src and dst IP and other useful information for further analysis.

Documentation

The configuration details are consistent with Netsurion version 9.2 or later, and ProtectWise.

Download Integration Guide and How-to Guide for more information and to configuration instructions.