Search Results
251 total results found
AQUILA EDR - Execute Command and Response Actions
Prerequisites Access to CyTech - AQUILA Only users assigned the "Owner" or "Admin" role can access the Log Collector installation resources within the platform. Host must be online (offline actions queue and expire after ~2 weeks) What is the...
AQUILA - Google Workspace Gmail Logs (For revision)
Google Workspace Gmail Logs The integration collects and parses Gmail audit logs data available for reporting in Google Workspace. You must first export Google Workspace logs to Google BigQuery. This involves exporting all activity log events and usage report...
AQUILA - Zyxel USG Flex 200 SIEM Integration
AQUILA - Zyxel USG Flex 200 Integration The Zyxel USG Flex 200 is a unified security gateway that provides comprehensive network security and management capabilities. It generates syslog events that can be collected, analyzed, and monitored for security insig...
NGINX Integration
Introduction The Nginx integration allows you to monitor Nginx servers. Use the Nginx integration to collect metrics and logs from your server then visualize that data. For example, if you wanted to be notified if a certain number of client requests failed i...
AQUILA - SalesForce Integration Using JWT Authentication
Salesforce requires secure communication protocols for authorization and data exchange between external applications and Salesforce orgs. This involves creating digital certificates, configuring external client apps, and establishing secure authentication meth...
CyTech AQUILA - Cyber Incident Management (CIM) : Alerts
Introduction Alerts Dashboard is a tool that provides real-time security alerts and notifications. It provides a unified view of different types of alerts, categorizing them by severity and type, and displays critical details such as the source of the alert, ...
CyTech AQUILA - Cyber Incident Management (CIM): Cases
Introduction Case Management Dashboard is a tool that provides a comprehensive overview of security incidents. It offers detailed insights into active and past incidents, including their status, severity, and timeline. The dashboard facilitates investigation ...
CyTech AQUILA - Cyber Incident Management (CIM): Data Explorer
The Data Explorer feature provides a unified view of log ingestion and event details. It combines visual analytics and tabular data to help clients track log volumes, search for specific events, and analyze data patterns over time. Log Consumption Chart Di...
CyTech AQUILA - Cyber Incident Management (CIM): Reports
The Reports Dashboard provides a centralized interface for monitoring, analyzing, and reviewing security tickets and alert activity within a defined date range. It consolidates data into visual charts and categorized metrics, enabling analysts to evaluate inci...
CyTech AQUILA - Cyber Incident Management (CIM): Alert Rules
The Alert Rules section provides centralized management of alert rules assigned to various log sources. This module enables administrators and analysts to review, configure, and monitor rules that generate alerts for security and operational events. Header ...
CyTech AQUILA - Cyber Incident Management (CIM): Settings
This page allows users to configure and manage notification settings within the CIM (Cyber Intelligence Management) solution. The interface is organized into multiple sections for streamlined navigation and tailored notification management. Notification Th...
CyTech AQUILA - Cyber Incident Management (CIM): Dashboard
Overview: Cyber Incident Management (CIM) is the end-to-end process of preparing for, detecting, analyzing, responding to, and recovering from cybersecurity incidents (such as malware infections, data breaches, insider threats, or DDoS attacks). The goal is ...
Whitelist in Google Workspace
Whitelisting Simulated Phishing in Google Workspace (Gmail) For Secure Practice Simulation Emails This step-by-step guide is intended for Google Workspace administrators to allow simulated phishing emails from Secure Practice by properly configuring Gmail to...
CyTech AQUILA Endpoint Agent (EDR, DLP, VDR)
AQUILA EDR leverages the core engine of Elastic Endpoint Security, which has been fully integrated and operationalized within the AQUILA Cyber Monitoring and Response Domain. This integration is not merely white labeling at the interface level. Instead, Elast...
NG SIEM - Microsoft Defender ATP Logs
Prerequisite Before starting, ensure you have the following ready: Item Details OS Windows 10 / Windows Server 2016 or later Privileges Local Administrator access on the machine Network Outbound HTTP...
NG SIEM - Microsoft Defender for Cloud
Overview The Microsoft Defender for Cloud integration allows you to monitor security alert events and assessments. When integrated with Elastic Security, this valuable data can be leveraged within Elastic for analyzing ...
NG SIEM - Microsoft Defender for Endpoint
Overview This guide walks through the full process of integrating Microsoft Defender for Endpoint (MDE) with the Elastic Stack to centralize security telemetry, enrich alerts, and enable unified threat hunting across your environment. The integration works b...
NG SIEM - Microsoft Defender XDR
Overview This guide covers the full integration of Microsoft Defender XDR with the Elastic Stack. Microsoft Defender XDR is a unified extended detection and response platform that correlates signals across endpoints, identities, email, cloud apps, and cloud w...
NG SIEM Microsoft Entra ID
Overview This guide walks you through connecting Microsoft Entra ID to Elastic so that your identity logs flow automatically into Elasticsearch. Once set up, you'll be able to search, visualize, and alert on Sign-in logs, Audit logs, and Identity Protection l...
NG SIEM - Microsoft Entra ID Entity Analytics
Overview This guide provides step-by-step instructions for integrating Microsoft Entra ID (formerly Azure Active Directory) Entity Analytics with the Elastic Security platform. By completing this integration, your security team will be able to ingest identity...