Skip to main content
Red Canary help

Threats

  • Updated .

Threats pages provide extensive analysis about threats in your environment and enable you to act on those threats.

Navigate to the Threats page

From the navigation menu, click Threats to open the Threats page in Red Canary.

2022-09-28_15-49-19.png

Threats overview page

This page features an overview of all of the unresolved threats in your environment.

2022-09-28_14-16-38.png

Use the filter bar 2022-09-29_10-34-54.png to search for threats with specific attributes, such as the state of the threat or the severity. To learn more about using the filter bar, see Filter for specific threats in the Red Canary Help Center.

To drill down to details for any particular threat, click the link for the threat in which you are interested. A details page will open for the threat.

Threat details

The details page for the threat that you are interested in provides extensive analysis and enables you to act on threats.

2022-09-28_14-38-33.png

  • Click the "This threat is consistent with", Affected Endpoint, and Related Identity links to open a slide-out context panel with additional information.
  • Possible actions buttons, across the top of the page:
    • Contact Red Canary - This will take you to the bottom of the page, where you can open a support ticket.
    • Add Note - This button will take you down the page to where you can enter a note that will help you or your team to better understand the threat.
    • Respond - This will take you down to the Threat Timeline. The red side-bar to the right of the window features the actions that you can perform for each activity in the timeline.
  • Affected Endpoint - This is the endpoint that is directly related to the threat.
  • Related Identity - This is the account that is compromised in this threat.
  • Threat Analytics - This is where Red Canary provides an analysis of the threat in terms of the  MITRE ATT&CK framework and provides insights into threat intelligence used by Red Canary. The information here will give you insights into the behaviors and techniques that the adversary is using. Click to learn more about how Red Canary uses MITRE ATT&CK.
  • Related Threats and Events - Click on the link to see related events.
  • Threat Timeline - The Threat Timeline gives you a chronological, play by play view of threat events and actions. At the bottom of the timeline, you can Add a note for your or your team's records and Ask your Red Canary incident handler a question about the given threat.
  • Remediation status: Remediated or Not Remediated - After you've reviewed and understood the threat's activities, effects, and actions taken in response to the threat, you can resolve the threat.

Other options under the Threats tab 

From the Threats tab in the navigation menu, you can also find links to the following pages:

  • Threats By Tactic - This page provides a filtered summary of your threats by MITRE ATT&CK Tactics.
  • Threats By Technique - This page provides a filtered summary of your threats by MITRE ATT&CK Techniques.
  • Heatmap - This matrix shows how threats in your environment relate to MITRE ATT&CK tactics and techniques for the number of days that you define. The matrix here is similar to the one that you'll see in Analytics > Attack Techniques. The difference is that while the Heatmap shows you threats in your environment, Attack Techniques shows you tactics and techniques for which Red Canary has detectors that align with the MITRE ATT&CK framework.
  • Bulk Actions - Find several types of threats and take action on all selected threats at once.

For more information about Threats in Red Canary, check out the Threats section and how-to videos in the Red Canary Help Center.

Comments

0 comments

Please sign in to leave a comment.