Search Results

27 total results found

Cyber Risk Assessment Management (CRAM) / OUTDATED

CRAM™ Onboarding Guide

Overview The Cyber Risk Assessment Management (CRAM) framework is designed to provide a comprehensive and structured approach for organizations to evaluate, manage, and mitigate cyber risks. It is composed of multiple interconnected building blocks, each capt...

AQUILA - Host Isolation Exception

System Integrations

Overview Host isolation exceptions (also called endpoint isolation exclusions) are configurable rules in Endpoint Detection and Response (EDR) systems—such as Elastic Security, Microsoft Defender for Endpoint, or Cortex XDR—that allow specific IP addresses, p...

AQUILA - All in One Endpoint Protection

AQUILA EDR Installation

Overview Install the AQUILA Endpoint Agent (AEA) to start monitoring your device and strengthen your security posture. The AQUILA Endpoint Agent (AEA) helps you scan and monitor your endpoints for Endpoint Protection, Data Loss Prevention, and Vulnerability D...

NG SIEM - Apache Tomcat

Agent-less Integration

EDR Remote Execution - Using Respond Console Manual

System Integrations

Research on Elastic EDR Response Actions for: Forensic commands for malware investigation on isolated hosts API integration documentation for external systems Key Findings: Elastic EDR has 11 response actions for remote host management Primary tool:...

NGINX Integration

System Integrations

Introduction The Nginx integration allows you to monitor Nginx servers. Use the Nginx integration to collect metrics and logs from your server then visualize that data. For example, if you wanted to be notified if a certain number of client requests failed i...

CyTech AQUILA - Cyber Incident Management (CIM) : Alerts

Cyber Monitoring

Introduction Alerts Dashboard is a tool that provides real-time security alerts and notifications. It provides a unified view of different types of alerts, categorizing them by severity and type, and displays critical details such as the source of the alert, ...

CyTech AQUILA - Cyber Incident Management (CIM): Cases

Cyber Monitoring

Introduction Case Management Dashboard is a tool that provides a comprehensive overview of security incidents. It offers detailed insights into active and past incidents, including their status, severity, and timeline. The dashboard facilitates investigation ...

CyTech AQUILA - Cyber Incident Management (CIM): Data Explorer

Cyber Monitoring

The Data Explorer feature provides a unified view of log ingestion and event details. It combines visual analytics and tabular data to help clients track log volumes, search for specific events, and analyze data patterns over time. Log Consumption Chart Di...

CyTech AQUILA - Cyber Incident Management (CIM): Reports

Cyber Monitoring

The Reports Dashboard provides a centralized interface for monitoring, analyzing, and reviewing security tickets and alert activity within a defined date range. It consolidates data into visual charts and categorized metrics, enabling analysts to evaluate inci...

CyTech AQUILA - Cyber Incident Management (CIM): Alert Rules

Cyber Monitoring

The Alert Rules section provides centralized management of alert rules assigned to various log sources. This module enables administrators and analysts to review, configure, and monitor rules that generate alerts for security and operational events. Header ...

CyTech AQUILA - Cyber Incident Management (CIM): Settings

Cyber Monitoring

This page allows users to configure and manage notification settings within the CIM (Cyber Intelligence Management) solution. The interface is organized into multiple sections for streamlined navigation and tailored notification management. Notification Th...

CyTech AQUILA - Cyber Incident Management (CIM): Dashboard

Cyber Monitoring

Overview: Cyber Incident Management (CIM) is the end-to-end process of preparing for, detecting, analyzing, responding to, and recovering from cybersecurity incidents (such as malware infections, data breaches, insider threats, or DDoS attacks). The goal is ...

CyTech AQUILA Endpoint Agent (EDR, DLP, VDR)

Cyber Monitoring

AQUILA EDR leverages the core engine of Elastic Endpoint Security, which has been fully integrated and operationalized within the AQUILA Cyber Monitoring and Response Domain. This integration is not merely white labeling at the interface level. Instead, Elast...

NG SIEM - Microsoft Defender ATP Logs

Agent-less Integration

Prerequisite Before starting, ensure you have the following ready: Item Details OS Windows 10 / Windows Server 2016 or later Privileges Local Administrator access on the machine Network Outbound HTTP...

NG SIEM - Microsoft Defender for Cloud

Agent-less Integration

Overview The Microsoft Defender for Cloud integration allows you to monitor security alert events and assessments. When integrated with Elastic Security, this valuable data can be leveraged within Elastic for analyzing ...

NG SIEM - Microsoft Defender for Endpoint

Agent-less Integration

Overview This guide walks through the full process of integrating Microsoft Defender for Endpoint (MDE) with the Elastic Stack to centralize security telemetry, enrich alerts, and enable unified threat hunting across your environment. The integration works b...

NG SIEM - Microsoft Defender XDR

Agent-less Integration

Overview This guide covers the full integration of Microsoft Defender XDR with the Elastic Stack. Microsoft Defender XDR is a unified extended detection and response platform that correlates signals across endpoints, identities, email, cloud apps, and cloud w...

NG SIEM Microsoft Entra ID

Agent-less Integration

Overview This guide walks you through connecting Microsoft Entra ID to Elastic so that your identity logs flow automatically into Elasticsearch. Once set up, you'll be able to search, visualize, and alert on Sign-in logs, Audit logs, and Identity Protection l...

NG SIEM - Microsoft Entra ID Entity Analytics

Agent-less Integration

Overview This guide provides step-by-step instructions for integrating Microsoft Entra ID (formerly Azure Active Directory) Entity Analytics with the Elastic Security platform. By completing this integration, your security team will be able to ingest identity...