June 29, 2018

Automated Query Engine: Full scenario coverage, no need to write queries

Problem

At the core of AttackIQ FireDrill is the ability to determine whether security technology detected scenario executions on assets. However, using FireDrill to determine detection within a technology involved writing a single query for every scenario and every technology that our customers wanted to integrate with. With hundreds of scenarios in our scenario library and numerous integrations available, achieving full detection coverage of all of the scenarios in every technology was a long and difficult process.

Solution

Our latest Integrations update includes a smart query feature for all FireDrill integrations, a new approach that makes it easy for FireDrill customers to enable detection of scenario executions. AttackIQ is proud to announce that, because the feature uses an artifact-based approach to determine detection automatically, our customers no longer have to write queries to achieve full detection coverage in every integration for all of the scenarios in our scenario library. Simply install your desired FireDrill integration and detection for all scenarios is automatically enabled.

Benefits

  • Full coverage for every scenario in the scenario library by default
  • No need to write additional queries
  • Ability to override the Automated Query Engine
  • Supports CrowdStrike, Endgame, Carbon Black Response, Splunk, and ArcSight

About the Author

Joseph Yudenfreund MBA, CISSP
Product Owner