Menu Structure

| Main Category | Middle Category | Description |
|---|---|---|
| Dashboard | Active Dashboard | Integrates all kinds of security information, including event occurrence, log collection status, and log analysis statistics, and presents it on the screen in a user-defined format. |
| | Comprehensive Dashboard System | Provides a comprehensive dashboard that displays detection event attack information using a globe visualization and various status components for an overview of the system flow. |
| Monitoring | Log Search | Supports searching a variety of fields using operators. Analyzes the timeline and groups for each field through statistical analysis. Intuitively analyzes correlations between systems and each event log through the Visual Analysis Toolkit, and provides an on-screen Whois search function. |
| | Performance Information | Provides a detailed per-device performance information screen using the CPU, Memory, and Disk (usage) status information list and the SMS log of connected devices. |
| | Collection Status | Provides the log collection count by device and by time, and the log collection status by device. |
| | Alert History | Provides user-defined alert targets and recently generated alerts, according to options, in a message format. |
| Event | General Event | Creates an event when detections based on user-defined rulesets occur at least the standard count within a user-defined time. |
| | TI Event | Provides events when the source IP, destination IP, file hash, and URL of all collected log information are compared against user-defined, managed TI (threat intelligence) and match it. |
| | Correlation Analysis Event | Creates an event when at least the standard count occurs within a user-defined time, using the results of a higher ruleset as the search option of a lower ruleset, based on rulesets the user defines step by step. |
| | Performance Event System | Evaluates CPU, Memory, Disk (Read/Write), and Traffic (Inbound/Outbound) against predefined threshold criteria to determine normal/abnormal status and displays this information on the screen. |
| Statistic | TOP Analysis | Ranking statistics by the count of logs collected, based on source IP, destination IP, destination port, attack name, source country, destination country, and device IP. |
| | Event Statistics | Day-based and time-based statistics produced by analyzing events. |
| | Report | Creates a report by registering a report policy in the report schedule management. Reports support Word, Excel, PPT, and PDF formats. |
| SOAR | My Monitoring | My Monitoring is a visualized screen that shows progress related to the logged-in user at a glance. Provides ticket information designated by a person in charge, processing status, alert messages, posts, etc. |
| | Ticket Waiting Status | Visualizes the status of pending tickets through graphical representations. |
| | Ticket Processing Status | Displays the ticket status and analysis results using visualized data, providing detailed ticket information and functions for task management. |
| | Manual Ticket Registration | Creates a ticket manually using the direct ticket creation screen. |
| | Playbook Monitoring | Maps detected events to the MITRE ATT&CK framework and provides relevant information. |
| | SOAR Monitoring | Checks the overall task processing progress and provides visualized results on a screen you want to manage. |
| | ATT&CK Navigator | Manages notices shared between different tasks. |
| Security Monitoring | Notice | Manages notices to be shared between tasks. |
| | Security Trends | Manages security trends to be shared between tasks. |
| | Situational Control Log | Manages control situations and provides alert messages according to the approval line designated as a person in charge. |
| | Security Policy Application Status | A screen that shows the results of requests such as blocking, search, and unblocking made through the API of a security device (FW, WAF, IPS, IDS, etc.) among components. Checks the history of blocking or unblocking and provides functions for unblocking, re-blocking, etc. |
| | Justification Status Monitoring | Generates threat analysis reports within the Playbook component, displaying a list of created reports. |
| | National Cyber Crisis Alert | A screen to manage the history of alert steps for national cyber security threats. |
| | Information Share Status | A screen to check information delivered by e-mail or SNS. |
| | Threat Analysis Report | Creates a report through the threat analysis report components in the playbook. A screen that shows the list of these created reports. |
