This article is part of an overview of getting started with Red Canary:
- Collect endpoint telemetry
- Collect external alerts
- Monitor endpoints
- Detect potential threats (performed by Red Canary)
- Investigate potential threats (performed by Red Canary)
- Respond to threats using automation
Estimated reading time: 5 minutes
Red Canary’s detection engine is designed to identify as many possible types of threats that adversaries may use against your organization. This broad approach results in a lot of false positives for the Red Canary team to investigate but delivers the best results to your organization.
As Red Canary processes the telemetry and alerts collected from your endpoints and security products, any threat intelligence or analytics that match results in the creation of a potentially threatening event that goes to the Red Canary Cyber Incident Response Team (CIRT) for investigation.
Onboard and tune detection
Unlike other security products, Red Canary does not require you to define your own detection rules and Indicators of Compromise (IOC) to get extremely effective results. From day one, you get the benefits of years of Red Canary detection engineering for hundreds of other customers.
Understand detection coverage
Understanding how Red Canary fits into your security stack is critical. You need to know where Red Canary provides coverage and where we do not, and we strive to make that information easy to find.
Within Red Canary, the Analytics and Intelligence pages holds a wealth of information, including:
- Detection Analytics
- Attack Techniques
- Intelligence Profiles
- Intelligence Insights
In Red Canary, click Analytics to view Detection Analytics, which displays a list of potentially threatening types of events and the attack technique associated with its behavior.
Red Canary’s detection coverage is most easily viewed in an ATT&CK heatmap found by clicking Analytics and then Attack Techniques. From there, click a specific technique to learn if Red Canary has coverage for it.
Read about emerging trends and threats in cybersecurity in the Insights tab under Intelligence. Intelligence Insights are researched and written by the Red Canary’s Intelligence Team and published continuously to provide you with timely information.
Use Intelligence Profiles to learn more about prevalent attacks and threats. To view Intelligence Profiles, click Intelligence and then Profiles.
Next, learn about how Red Canary investigates these potential threats and confirms true positives.