TrapX DeceptionGrid

Applies to: TrapX DeceptionGrid v6.1

Overview

TrapX is a new generation of deception technology that provides real-time breach detection and prevention. Its field-proven solution deceives would-be attackers with turn-key decoys (traps) that imitate true assets. Traps can be deployed, creating a virtual minefield for cyberattacks, alerting you to any malicious activity with actionable intelligence immediately.

Netsurion integrates with TrapX DeceptionGrid and monitors crucial events such as threats detected and malicious traffic events.

Netsurion provides insights about the TrapX DeceptionGrid scan events and connection events. Netsurion reports TrapX DeceptionGrid scan events and connection events, providing a detailed summary for various events like the scan hosts, device connected, etc.

Security: Connection activities and interactive activities.
Operations: Scan activities.

Previous Next

After the TrapX DeceptionGrid is configured to deliver the TrapX DeceptionGrid events to Netsurion, then the alerts, dashboards, and reports can be configured into Netsurion.

Security

Alerts

TrapX DeceptionGrid - Connection trap has been detected: This alert generates whenever a host is successfully connected with another host.
TrapX DeceptionGrid - Interaction trap has been detected: This alert generates whenever a host interacts and is involved in different suspicious operations.
TrapX DeceptionGrid - Reconnaissance trap has been detected: This alert generates whenever a host activity is involved in collecting the information.

Reports

TrapX DeceptionGrid - connection activities - This report gives information about the devices connected to their hosts. It contains fields information like the hostname, protocol, source IP address, source port, destination IP address, company name, operating system, operating system version, destination port, etc.

Operations

Alerts

TrapX DeceptionGrid - Scan trap has been detected: This alert generates whenever scan activities happen on their hosts.

Reports

TrapX DeceptionGrid - Scan activities: This report gives information about network scanning to discover active hosts and detect vulnerabilities. It contains field information like the source IP address, hostname, source port, destination IP port, destination port, and protocol.

Scope

The configuration details are consistent with the Netsurion version 9.2X and later and the TrapX DeceptionGrid v6.1.

Documentation:

To configure TrapX DeceptionGrid to forwarding logs to Netsurion, refer to the How-to Guide.

For more information please refer to the Integration Guide.