This post will describe how to look at alerts from Observable for network scans, which tends to be harder to judge.
Observable’s Endpoint Modeling is good at monitoring the “Internet of Things” things. Not only workstations and servers, but printers, phones, cameras, sensors, or industrial devices, and others devices that are found on many networks. It’s possible to identify subtle changes in behavior (that might indicate a compromise) without producing lots of nuisance alerts.Continue Reading
Observable detects all types of security-related issues, including multiple types of alerts in the “data loss prevention” category. These are aimed at identifying instances when a user (or an attacker) might have transferred files or data outside the local network without authorization. Read this post to learn more.Continue Reading
Learn what happens when Observable sends you an alert so you will be able to react to it properly. This post describes how to use the Observable web portal to research a set of suspicious connections.Continue Reading