Blog

IP and Port Scan Alerts

This post describes how to review Observable alerts for network scans, which tend to be harder to judge.



Static Devices and Detecting Deviations

Observable’s Endpoint Modeling is good at monitoring “Internet of Things” devices: not only workstations and servers, but also printers, phones, cameras, sensors, industrial devices, and other devices that are found on many networks. It’s possible to identify subtle changes in behavior (that might indicate a compromise) without producing lots of nuisance alerts.


Investigating Potential Data Exfiltration with the Observable Web Portal

Observable detects all types of security-related issues, including multiple types of alerts in the “data loss prevention” category. These are aimed at identifying instances when a user (or an attacker) might have transferred files or data outside the local network without authorization. Read this post to learn more.


Researching Potential Threats with Observable's Web Portal

Learn what happens when Observable sends you an alert so you will be able to react to it properly. This post describes how to use the Observable web portal to research a set of suspicious connections.
