To view Detection Analytics (Detectors), click Analytics from the navigation menu. Here, you’ll find a list of threats observed by Red Canary, with a brief description of each threat and the attack techniques observed. This list shows what types of threats Red Canary looks for when ingesting your telemetry.
Click Attack Techniques to view a matrix, similar to the Heatmap found under Threats, that shows the MITRE ATT&CK tactics and techniques that Red Canary observes to discover potentially threatening events and active threats. The difference between the two is that the Heatmap displays active threats, while Attack Techniques shows the tactics and techniques for which Red Canary has detectors that align with the MITRE ATT&CK framework. Click the Export Navigator Layers button at the top-right of the page to view prevalent techniques over the past several years.
File Activity Monitors
To see what critical system information, such as system files and paths, is being modified, click File Activity Monitors. From here, you can create new file activity monitors and set up automation to be notified when a modification occurs.
To view software that Red Canary has observed in your organization and classified as Unwanted or that may be unauthorized, click Applications. If a product is considered Unwanted by Red Canary but is used in your organization, toggle the Status here to no longer receive threats when this product is observed.
For more information about Analytics in Red Canary, including how Red Canary detects threats, check out the Analytics section in the Red Canary Help Center.