Potentially threatening events are analyzed by Red Canary’s Cyber Incident Response Team (CIRT) to determine if they are true or false positives.
Each event is centered around a process that executed on one of your endpoints and includes information such as:
- The process’s name, path, and command line
- Metadata about the binary that was executed, including signing information, size, and file type
- Descriptions and links to the detection analytics that identified the potentially threatening behavior
Each event is given an identifier (starting with EVENT) that uniquely identifies the event throughout Red Canary.
Red Canary, unlike other security products, does not require you to build your own detection rules or indicators of compromise (IOCs) in order to achieve successful results. From day one, you gain the benefit of years of Red Canary detection engineering.
The Analyzed Events dashboard provides an immediate view of the potential threats that Red Canary has identified in your organization using threat intelligence and detection analytics. This page is where you pivot into individual events if you want to learn more or check our work.
Do I need to investigate events?
You do not. Red Canary investigates the potentially threatening events to determine if they are true or false positives. You are welcome to review our determination at any time using the Analyzed Events dashboard.
How are events identified?
Events are identified by detection analytics that use a variety of different techniques to flag potentially threatening behaviors or applications.
What if I believe Red Canary improperly investigated an event?
Detecting threats to your business is what Red Canary does best, but there will be times when we fail to identify a threat. These false negatives, or detection misses, are critical feedback to Red Canary so we can improve our detection analytics and processes. Click here to learn more about how to report detection misses.