This article is part of an overview of getting started using Red Canary:

1. Collect endpoint telemetry
2. Collect external alerts
3. Detect potential threats (performed by Red Canary)
4. Investigate potential threats (performed by Red Canary)
5. Respond to threats using automation

Estimated reading time: 5 minutes

Once endpoint telemetry is flowing to Red Canary (and, optionally, accompanied by external alerts) Red Canary’s detection pipeline kicks in.

Red Canary’s detection engine is designed to identify as many possible types of threats that adversaries may use against your organization. This broad approach results in a lot of false positives for the Red Canary team to investigate but delivers the best results to your organization.

As Red Canary processes the telemetry and alerts collected from your endpoints and security products, any threat intelligence or analytics that match results in the creation of a potentially threatening event that goes to the Red Canary Cyber Incident Response Team (CIRT) for investigation.

Onboard and tune detection

Unlike other security products, Red Canary does not require you to define your own detection rules and Indicators of Compromise (IOC) to get extremely effective results. From day one, you get the benefits of years of Red Canary detection engineering for hundreds of other customers.

Understand detection coverage

Understanding how Red Canary fits into your security stack is critical. You need to know where Red Canary provides coverage and where we do not, and we strive to make that information easy to find.

Within Red Canary, the Analytics and Intelligence pages holds a wealth of information, including:

• Detection Analytics
• Attack Techniques
• Intelligence Profiles
• Intelligence Insights

Detection Analytics

In Red Canary, click Analytics to view Detection Analytics, which displays a list of potentially threatening types of events and the attack technique associated with its behavior. 

Attack Techniques

Red Canary’s detection coverage is most easily viewed in an ATT&CK heatmap found by clicking Analytics and then Attack Techniques. From there, click a specific technique to learn if Red Canary has coverage for it.

Intelligence Insights

Read about emerging trends and threats in cybersecurity in the Insights tab under Intelligence. Intelligence Insights are researched and written by the Red Canary’s Intelligence Team and published continuously to provide you with timely information.

Intelligence Profiles

Use Intelligence Profiles to learn more about prevalent attacks and threats. To view Intelligence Profiles, click Intelligence and then Profiles.

Next, learn about how Red Canary investigates these potential threats and confirms true positives.