You can expect your initial onboarding with Red Canary to take 30 days. This guide will serve as an outline, highlighting the areas you should focus on for your first month along with Red Canary Help articles for each step of the process.
In this article, we'll cover the following:
- Get to know the Red Canary platform and your extended team - Learn about your Red Canary platform as well as the tools and people supporting you as a Red Canary Customer.
- Action Required - Configure and set-up Red Canary - Use these help articles to set up and configure your Red Canary properly, ensuring our Detection Engineers and Threat Hunters are able to help defend your organization as effectively as possible.
- Take action with Red Canary - Get the most out of Red Canary by creating automations, monitoring your environment, and responding to threats.
- Learn more about Red Canary fundamentals - Help articles and How-to videos to help you level up your Red Canary knowledge and understanding. This part of your Onboarding guide will direct you to the best assets to help you become an expert in all things Red Canary.
Get to know the Red Canary platform and your extended team
|
What you need to do |
Why you're doing it |
|
Understand the big picture (Feel free to come back to these sections after you configure and set up Red Canary or whenever you are not sure where to start.) |
Read the following sections to understand everything you are getting from the Red Canary platform: |
|
Take a video-led introduction to Red Canary |
Join us for a video-led introduction to Red Canary, designed to get you familiar with the platform quickly and painlessly. |
| Your Red Canary team is a part of your security team. We're here ensure your organization can achieve its goals without disruption or distraction. |
Configure and set up Red Canary
| What you need to do | Why you're doing it |
| Complete your Company Profile | Define your security protocols to enable Red Canary Threat Hunters to know your escalation contacts. This allows Threat Hunters to reach out to your team in extreme circumstances or regarding active threats identified in your environment. |
| Red Canary ingests and analyzes telemetry from a wide array of alert sources. Integrating your alert sources is essential. Adding supported alert sources to Red Canary is essential for getting the most out of your Red Canary and your security products. | |
| Invite Users to Red Canary | Administrators can invite users to Red Canary and adjust their roles and access controls. Users with any Red Canary accounts have to accept their invitation and set up their account before they can log in. |
| Set up Single Sign On | Using a single sign-on (SSO) provider is one of the best ways to improve the security of your Red Canary users. Red Canary supports Security Assertion Markup Language (SAML) identity providers for single sign-on. |
| Understand and Assign roles |
Roles grant users access to features and functionality in Red Canary. A user can have one or more roles on a subdomain/account. |
Take action with Red Canary
| What you need to do | Why you're doing it |
| Set up automations | Learn all about automations, and then create automations to streamline and expedite your responses to threats. Automation is essential to taking fast and consistent action when events happen in your organization. Red Canary’s automation capabilities are designed to enable you to complete specific security tasks. |
| Monitor endpoints | Verifying that telemetry is being sent and received by Red Canary is essential to maintaining your Red Canary instance. |
| Review threats | Red Canary gives you detailed breakdowns of potentially threatening events in your security environment. Reviewing this information, and how it affects your alert sources, is a key step in securing your environment. |
Learn more about Red Canary fundamentals
| Find your way with Navigate Red Canary |
Watch How-to videos
|
||
| Understand the fundamentals of how Red Canary detects and published threats in your environment. Learn how Red Canary identifies and classifies threats. Most importantly, learn how to respond to threats. | |||
| Intelligence Profiles |
The Red Canary Intelligence Team has developed a library of Intelligence Profiles that describes threats and summarizes the behaviors associated with them. These profiles are associated with potentially threatening events, confirmed threats, and other data throughout Red Canary. Intelligence Profiles are under active development, so you should expect to see changes to both the structure and the content of the profiles over time. |
Viewing time: 1 minute | |
|
Automation is essential to taking fast and consistent action when events happen in your organization. Red Canary’s automation capabilities are designed to enable you to complete specific security tasks.
|
|||
|
Alerts are the notifications that security products send you. Some security products send alerts only when they identify threats that need immediate response. Other security products send alerts in purely informational situations. Learn about the alert life cycle and how Red Canary uses alerts to enrich Red Canary detection data.
|
|||
|
Endpoints are the computing devices throughout your organization. Review these articles and videos to understand how Red Canary identifies, classifies, and attributes license usage. |
Viewing time: 5 minutes | ||
| Integrations | Red Canary uses the data ingested from integrated EDRs and MDRs to monitor your security posture and alert you to any potentially threatening events that have been observed. | Viewing time: 4 minutes | |
| Reports | Reporting is an essential part of every security program. Red Canary’s Report Library is focused on giving you actionable information that you can use as quickly as possible. | ||
Learn about Active Remediation for MDR
Active Remediation is an annual subscription product that can be purchased as an add-on for Red Canary Managed Detection & Response (MDR) for Endpoint subscriptions. Active Remediation provides hands-on-keyboard remediation support for Red Canary-managed endpoints.
Active Remediation: Administration defines the specific process related to each supported EDR.
Comments
0 comments
Please sign in to leave a comment.