Triage is likely only one element of a much larger security infrastructure, and we want it to be easy to incorporate sandbox reports into existing workflows. With the added context of Red Canary’s detections, defenders will be better informed and quicker on the draw.

We are always looking for new ways to make the information generated by Triage more accessible and useful to organisations.

The Splunk Phantom platform is in active development with new features, such as detection and remediation acknowledgement, set to be released later this year. As an example, earlier this month we added support to automatically block IPs and domains with Microsoft Defender for Endpoint.

Customers with questions or feedback can reach out to their Red Canary Customer Success Manager (CSM) or Incident Handler (IH) via the Portal.

Red Canary consistently adds new triggers and playbooks to deliver better security outcomes for our customers. Our Automate framework combines triggers (e.g., a detection is published) with playbooks (e.g., isolate an endpoint and kill a process) for flexible and robust automations conducted within your Red Canary and endpoint detection and response (EDR) technologies. Red Canary has built-in investigative and remedial automations for responses that can be completed solely within our Portal.

What other automations does Red Canary offer?