Not Planned

It would be useful to have a list of the most important detection descriptions with their meanings.

I'm starting to investigate the DETECTIONS on the Threat detections with the information from the CLOUD,

and I have some problems understanding the meaning of the detection descriptions.

So I think it would be useful to have a guide with some best practices for managing this large quantity of information from the cloud,

and to have, in a single document, a list of the most important or most serious cases, or their descriptions, and their meanings.

It would be useful to have a mapping: the description of a detection --> its meaning.

Thank you  very much

  • Good Morning  DominicRemigio

    Thanks for your suggestion.

    I'll do it. I'll contact Sophos Support when I don't understand future detections.

    Thank you

  • Hi,

    Due to the number of possible new detections, we suggest that you contact Support if you are having issues in resolving the detections that you encounter.

    Thank you.

  • Hi DominiciRemigio
    First, I apologise for my ignorance of some settings; I'm trying to learn more.

    Second, perhaps I made a mistake when I said CLOUD, when I really meant DATA LAKE.

    One Threat can be:

    Event time              13 Nov 2022 23:35:55
    Attack type             Exposure
    Category                Vulnerability
    Risk                    4
    References
    id                      "COMPLIANCE-DEP-PERMISSIVE"
    Rule description        DEP is not Admin Opt-out or Always-on.

    osquery_action          "added"
    path                    "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemStartOptions"
    query_name              "vulnerability_dep"
    This is one of the "descriptions", and there are others, mainly related to the registry, for which I would like to have a document
    with a list of the most important or most serious cases, or their descriptions, and their meanings, or a mapping from the descriptions
    to a text with a more complete meaning.
    I know that the Sophos knowledge base is very complete, but it can be hard to search for information on some cases.
    I've tried to find information on the description above, and I didn't find anything. Perhaps it's my fault.
    Thanks for your interest and help.
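The COMPLIANCE-DEP-PERMISSIVE record quoted above points at the SystemStartOptions boot-option string and says only that "DEP is not Admin Opt-out or Always-on". The script below is an added example for verifying that locally on the endpoint; it is not from the thread, from Sophos, or from the osquery pack that produced the detection. It assumes (not stated on the page) that the rule flags any DEP policy other than OptOut or AlwaysOn, reads the same registry value the detection names, cross-checks it against the DEP policy exposed by Win32_OperatingSystem (0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn, 3 = OptOut), and prints the bcdedit command that would change the policy.

```powershell
# Added example (not Sophos code): check the local DEP policy that the
# COMPLIANCE-DEP-PERMISSIVE detection above reports on. Run elevated.
# Assumption: the rule text "DEP is not Admin Opt-out or Always-on" means
# OptOut and AlwaysOn pass, while OptIn and AlwaysOff are flagged.

# Numeric policy from Win32_OperatingSystem mapped to bcdedit's nx names.
$PolicyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }

function Get-DepPolicyFromRegistry {
    # The detection quotes this value; it is the kernel boot-option string and
    # the DEP setting appears inside it as NOEXECUTE=<mode>, e.g. " NOEXECUTE=OPTIN".
    # On some builds the NOEXECUTE token is absent, so the caller falls back to CIM.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control'
    $opts = (Get-ItemProperty -Path $key -Name SystemStartOptions -ErrorAction SilentlyContinue).SystemStartOptions
    if ($opts -and $opts -match 'NOEXECUTE=(\w+)') { return $Matches[1] }
    return $null
}

function Get-DepPolicyFromCim {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    return $PolicyNames[[int]$os.DataExecutionPrevention_SupportPolicy]
}

function Test-DepCompliant {
    param([string]$Policy)
    # -in compares case-insensitively, so "OPTOUT" from the registry also passes.
    return $Policy -in @('OptOut', 'AlwaysOn')
}

$regPolicy = Get-DepPolicyFromRegistry
$cimPolicy = Get-DepPolicyFromCim
# Prefer the registry token when present (it is what the detection looked at),
# otherwise the CIM value.
$effective = if ($regPolicy) { $regPolicy } else { $cimPolicy }

Write-Host "SystemStartOptions NOEXECUTE : $(if ($regPolicy) { $regPolicy } else { '<not present>' })"
Write-Host "Win32_OperatingSystem policy : $cimPolicy"
if ($regPolicy -and ($regPolicy -ne $cimPolicy)) {
    Write-Warning "Registry and CIM disagree; a reboot may be pending after a bcdedit change."
}

if (Test-DepCompliant $effective) {
    Write-Host "DEP policy '$effective' is OptOut/AlwaysOn; COMPLIANCE-DEP-PERMISSIVE should not fire."
} else {
    Write-Warning "DEP policy '$effective' is permissive (OptIn or AlwaysOff)."
    Write-Host    "To move to admin opt-out (takes effect after reboot):"
    Write-Host    "    bcdedit /set {current} nx OptOut"
    Write-Host    "Or to enforce for every process:"
    Write-Host    "    bcdedit /set {current} nx AlwaysOn"
}
```

Because the detection says only that the osquery row was "added", the script does not try to reproduce the query itself; it answers the question a responder actually has, which is whether the endpoint is still in OptIn/AlwaysOff now, and what to change. AlwaysOn will break software that relies on executable data, so test it before rolling it out fleet-wide.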
  • Hi,

    Can you provide us with the exact link to the "DETECTIONS on the Threat detections with the information from the CLOUD" that you are referring to?

  • Hi,
    Good day, and thank you for your feedback.
    We will look into this and get back to you once we progress.