I’ve been using it for about five years now. If you don’t have an endpoint tool, it is a huge step up in terms of visibility. It will give you process data and enable isolation and live response on endpoints that run the agent.

We are probably moving away from it in the future for a few reasons:

As mentioned in some other comments, the tool doesn’t allow you to do statistical analysis on the data. For example, if you wanted to threat hunt by doing long tail analysis on a particular process that is making a netconn, it’s very difficult (maybe impossible) to do within the tool. If you’re a shop with a SIEM you may consider centralizing logs from CB Response.

I found the tool to have limited log filtering.

Changing data retention rules. We’ve had a long running issue where CB Response has been altering our data retention based on the amount of data we’re sending to their servers. It would be nice to filter certain processes out of the ingestion to enable more efficient logging.