Features

Red Canary basics

• Getting around quickly with jump-to / ⌘-K
• Setting up your user profile
• Completing your company profile

Users & Roles

• Inviting users
• Setting up single sign-on
• Understanding and assigning roles
• Setting up single sign-on to a SAML Identity Provider
• Setting up single sign-on to Microsoft Azure Active Directory

See all 13 articles

Endpoints

• Understanding endpoints
• Monitoring Sensor Health and Connection to Red Canary
• Filtering endpoints
• Tagging endpoints for context and reporting
• Containing threats with network isolation

See all 6 articles

Identities

• Understanding identities

Alert Sources

• Understanding external alert sources
• Synchronizing alert status and comments from Red Canary to alert platforms
• Connecting a new alert source to Red Canary
• Creating and managing alert sources

External Alerts

• Understanding external alerts
• Taking action on external alerts with automation
• Using notes to communicate with your team
• Filtering external alerts

Detection Analytics (Detectors)

• Quantifying Red Canary's detection coverage using ATT&CK
• Understanding how Red Canary detects threats
• Determining if Red Canary includes coverage for a specific technique
• Reporting a Red Canary detection miss (false negative)
• Filtering detection analytics

Potentially threatening events

• Understanding potentially threatening events
• Filtering events

Detections

• Getting help and guidance about a confirmed threat
• Recording how you responded to a detection
• Taking action on detections with automation
• Understanding confirmed threats (detections)
• Reporting detection quality issues

See all 8 articles

Automation

• Getting started with automation
• Taking action with playbooks and actions
• Downloading a summary of your automation for compliance & recordkeeping
• Manually triggering a playbook
• Easing into automation with action approvals

See all 6 articles

Reporting

• Getting started with reporting
• Using the impact summary
• Printing and exporting report contents
• Favoriting frequently used reports

Intelligence Profiles

• Intelligence Profiles - Overview
• Accessing Intelligence Profiles
• Red Canary Intelligence Team mission and approach
• How profiles are created
• Profile sections

See all 6 articles

Mitre ATT&CK

• Learning about a technique
• How Red Canary uses Mitre ATT&CK

Activity Monitors

• Setting up file integrity monitoring

Status Checks

• Understanding status checks

Your Red Canary team

• Understanding your extended team at Red Canary
• Submitting a support case
• Securely sharing files with Red Canary

Security & Auditing

• Configuring login timeouts and other general settings
• Reviewing audit logs from your EDR/EPP platform
• Reviewing audit logs

Licensing & Usage

• Understanding licensing and how endpoint usage is determined