Skip to main content
Red Canary help

Threats

  • Updated .

Threats pages provide extensive analysis about threats in your environment and enable you to act on those threats.

Navigate to the Threats page

From the navigation menu, click Threats.

Threats_main.png

Threats overview page

This page features an overview  of all of the unresolved threats in your environment.

Threats_overview.png

Use the filter bar 2022-09-29_10-34-54.png to search for threats with specific attributes, such as the state of the threat or the severity. To learn more about using the filter bar, see Filter for specific threats in the Red Canary Help Center.

To drill down to details for any particular threat, click the link for the threat in which you are interested. A details page will open for the threat.

Threat details

The details page for the threat that you are interested in provides extensive analysis and enables you to act on threats.

Threat_Details.png

  • Possible actions buttons, across the top of the page:
    • Contact Us - This button will open a pop-up window in which you can write a message to your Threat Hunter.
    • Add Comment - This button will open a pop-up window in which you can enter a note that will help you or your team to better understand the threat.
    • Respond - This will take you down to the Threat Timeline. The red side-bar to the right of the window features the actions that you can perform for each activity in the timeline.
  • Click the link next to This threat is consistent with to open a slide-out context panel with additional information 
  • Affected Endpoint - This is the endpoint that is directly related to the threat. Clicking on it will open a new tab with the pertinent information.
  • Related Identity - This is the account that is compromised in this threat. Clicking on it will open a new tab with the pertinent information.
  • Threat Analytics - Here Red Canary provides an analysis of the threat in terms of the  MITRE ATT&CK framework and provides insights into threat intelligence we use. This information provides insights into the behaviors and techniques that the adversary is using. Click to learn more about how Red Canary uses MITRE ATT&CK.
  • Related Threats and Events - Click on the link to see related events.
  • Threat Timeline - provides a chronological, play by play view of threat events and actions. At the bottom of the timeline, you can Add a note for your or your team's records and Ask your Threat Hunter a question about the given threat.
  • Remediation status: Remediated or Not Remediated - After you've reviewed and understood the threat's activities, effects, and actions taken in response to the threat, you can resolve the threat.

Other options under the Threats tab 

From the Threats tab in the navigation menu, you can also find links to the following pages:

  • Threats By Tactic - This page provides a filtered summary of your threats by MITRE ATT&CK Tactics.
  • Threats By Technique - This page provides a filtered summary of your threats by MITRE ATT&CK Techniques.
  • Heatmap - This matrix shows how threats in your environment relate to MITRE ATT&CK tactics and techniques for the number of days that you define. The matrix here is similar to the one that you'll see in Analytics > Attack Techniques. The difference is that the Heatmap displays threats in your environment, whereas Attack Approaches displays tactics and techniques for which Red Canary has detectors that align with the MITRE ATT&CK framework.
  • Bulk Actions - Find several types of threats and take action on all selected threats at once.

For more information about Threats in Red Canary, check out the Threats section and how-to videos in the Red Canary Help Center.

Comments

0 comments

Please sign in to leave a comment.