TrapX DeceptionGrid
Version: TrapX DeceptionGrid v6.1
TrapX is a new generation of deception technology that provides real-time breach detection and prevention. Its field-proven solution deceives would-be attackers with turn-key decoys (traps) that imitate true assets. Traps can be deployed, creating a virtual minefield for cyberattacks, alerting you to any malicious activity with actionable intelligence immediately.
Netsurion Open XDR integrates with TrapX DeceptionGrid and monitors crucial events such as threats detected and malicious traffic events.
Netsurion Open XDR provides insights about the TrapX DeceptionGrid scan events and connection events. Netsurion reports TrapX DeceptionGrid scan events and connection events, providing a detailed summary for various events like the scan hosts, device connected, etc.
- Security: Connection activities and interactive activities.
- Operations: Scan activities.
Once TrapX DeceptionGrid is configured to deliver events to Netsurion Open XDR; alerts, dashboards and reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | TrapX DeceptionGrid – Connection trap has been detected | This alert generates whenever a host is successfully connected with another host. |
| Security | TrapX DeceptionGrid – Interaction trap has been detected | This alert generates whenever a host interacts and is involved in different suspicious operations. |
| Security | TrapX DeceptionGrid – Reconnaissance trap has been detected | This alert generates whenever a host activity is involved in collecting the information. |
| Operations | TrapX DeceptionGrid – Scan trap has been detected | This alert generates whenever scan activities happen on their hosts. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | TrapX DeceptionGrid – connection activities | This report gives information about the devices connected to their hosts. It contains fields information like the hostname, protocol, source IP address, source port, destination IP address, company name, operating system, operating system version, destination port, etc. |
| Operations | TrapX DeceptionGrid – Scan activities | This report gives information about network scanning to discover active hosts and detect vulnerabilities. It contains field information like the source IP address, hostname, source port, destination IP port, destination port, and protocol. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.2 or later, and TrapX DeceptionGrid.
Download Integration Guide and How-to Guide for configuration instructions and more information.