Automated Query Engine: Full Scenario Coverage, No Need to Write Queries

Problem

At the core of AttackIQ FireDrill is the ability to determine whether a security technology detected a scenario execution on an asset. However, using FireDrill to determine detection within a technology required writing a separate query for every scenario and every technology that our customers wanted to integrate with. With hundreds of scenarios in our scenario library and numerous integrations available, achieving full detection coverage of all scenarios in every technology was a long and difficult process.

Solution

Our latest Integrations update includes a new approach that makes it easy for FireDrill customers to enable detection of scenario executions: a smart query feature for all FireDrill integrations. Using an artifact-based approach to automatically determine detection, AttackIQ is proud to announce that our customers no longer have to write queries to achieve full detection coverage in every integration for all of the scenarios in our scenario library. Simply install your desired FireDrill Integration, and detection for all scenarios is automatically enabled.

Benefits

  • Full coverage for every scenario in the scenario library by default
  • No need to write additional queries
  • Ability to override the Automated Query Engine
  • Supports CrowdStrike, Endgame, Carbon Black Response, Splunk, and ArcSight