Features
Red Canary basics
Users & Roles
- Inviting users
- Setting up single sign-on
- Understanding and assigning roles
- Setting up single sign-on to a SAML Identity Provider
- Setting up single sign-on to Microsoft Azure Active Directory
Endpoints
- Understanding endpoints
- Monitoring Sensor Health and Connection to Red Canary
- Filtering endpoints
- Tagging endpoints for context and reporting
- Containing threats with network isolation
Identities
Alert Sources
External Alerts
Detection Analytics (Detectors)
Potentially threatening events
Detections
- Getting help and guidance about a confirmed threat
- Recording how you responded to a detection
- Taking action on detections with automation
- Understanding confirmed threats (detections)
- Reporting detection quality issues
Automation
- Getting started with automation
- Taking action with playbooks and actions
- Downloading a summary of your automation for compliance & recordkeeping
- Manually triggering a playbook
- Easing into automation with action approvals
Reporting
Intelligence Profiles
- Intelligence Profiles - Overview
- Accessing Intelligence Profiles
- Red Canary Intelligence Team mission and approach
- How profiles are created
- Profile sections