Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 1 reply
  • Subscribers 3 subscribers
  • Views 1277 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Security Event Handling & database management

Floki Saints

Good day!

 

Is there some procedure on security event handling if the endpoint protection detected a breach/virus?

Also, is there some procedure for database housekeeping or historical data handling? 

 

 

Thanks!



This thread was automatically locked due to age.
  • +1

    Hello Floki,

    depends on what you mean exactly by detected a virus. Central/Intercept X has the Threat Cases (formerly Root Cause Analysis) feature, there's no equivalent in SEC. Even TC doesn't return a verdict though, to quote from the article The information provided[...] does not necessarily require an action, but helps you to investigate [...]. Most detections (if you notice them at all) don't require investigation. SIEM tools offer help but have their limits and won't provide ideal results out-of-the-box.

    historical data handling
    AFAIK Events and acknowledged Alerts are deleted after one year (you can configure this in the console using the Console's ToolsConfigure Reporting ... , tab Purge, outstanding Alerts are kept "forever", and outstanding errors are automatically acknowledged after 14 days. In addition there's the PurgeDB.exe tool.

    Christian

Unfiltered HTML