Events result when detection analytics identify potentially threatening behavior in your organization. These events are analyzed by Red Canary’s Cyber Incident Response Team (CIRT) to determine if they are true or false positives.

Each event is centered around a process that executed on one of your endpoints and includes information such as:

• The process’s name, path, and command line
• Metadata about the binary that was executed, including signing information, size and type, etc.
• Descriptions and links to the detection analytics that identified the potentially threatening behavior

Each event is given an identifier (starting with EVENT) that uniquely identifies the event throughout Red Canary.

Unlike other security products, Red Canary does not require you to define your own detection rules and indicators of compromise (IOC) to get effective results. From day one, you get the benefits of years of Red Canary detection engineering.

The Analyzed Events dashboard provides you with an immediate view of the potential threats identified in your organization by Red Canary using threat intelligence and analytics. This page is where you’ll pivot into events if you want to learn more or check our work.

Do I need to investigate events?

You do not. Red Canary investigates the potentially threatening events to determine if they are true or false positives. You are welcome to review our determination at any time using the Analyzed Events dashboard.

How are events identified?

Events are identified by detection analytics that use a variety of different techniques to flag potentially threatening behaviors or applications.

What if I believe Red Canary improperly investigated an event?

Red Canary is obsessed with detecting threats that might affect your organization, but there will be times when we fail to identify a threat. These false negatives, or detection misses, are critical feedback to Red Canary so we can improve our detection analytics and processes.

Learn more about reporting a Red Canary detection miss / false negative.