User Manual


Welcome

Welcome to DefenseStorm

Put simply, DefenseStorm is a network security system for financial institutions. We monitor for suspicious activity, alert you when it's found, and work with you to stop potential attacks and prevent them from recurring. Think of a security system for your house; that's what we provide for your network.

We communicate with your systems through the DVM (DefenseStorm Virtual Machine) or the Windows Agent, depending on your asset type and configuration settings. Once data reaches our cloud, it is pre-processed by classifiers and placed in a datastore. Triggers search the live data and generate an alert, an incident, an email, or a combination of the three.


Cybersecurity Program

A complete Cybersecurity Program involves more than monitoring for security events and keeping up with compliance; it starts with your network hygiene and your internal IT department. The DefenseStorm TRAC team actively looks for events, logs, and alerts that could indicate malicious activity, but sometimes they see false positives or a flood of events caused by poor network hygiene or improper IT configurations. See the chart below for a description of these aspects, example scenarios, and who is responsible for managing each.


Contact Us

Contact Us

There are a few different ways to contact DefenseStorm. You can contact us through Connect, the TRAC Team, or Knowledge Center feedback.

  1. Connect: technical issues with the product, the DVM, or the UI.
  2. TRAC Team: security concerns or potential threats on your network.
  3. Knowledge Center Feedback: general questions on functionality or requests for additional documentation.


User Interface

GRID Features

All of the features offered by the DefenseStorm GRID are accessed through the user interface. See the table below for a description of each feature.

GRID Feature and Description

Events
  Events is a powerful search engine that lets you investigate log data thoroughly and efficiently. Queries can be as simple or as complex as you make them, using a straightforward search query language.

Classifiers
  Classifiers let you pre-process your data by creating fields, deleting data, and changing field values before it is stored.

Alert Inbox
  The Alert Inbox is where you manage the alerts that your triggers generate. It shows useful and actionable information that helps you respond quickly.

ThreatMatch
  ThreatMatch lets you turn on feeds and use Threat Intelligence Sources to identify risks.

Tickets
  The Tickets section of the dashboard is where you create, monitor, and update Incidents.

Compliance
  Compliance uses built-in tools that link your policies to internal and government guidelines and to system alerts, and helps you define, enforce, and report on your security policies.

Assets
  Assets lets you manage the devices that send data to the DVM. The Assets page displays all tracked and untracked assets.
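The pipeline described in the Welcome section (data pre-processed by classifiers, placed in a datastore, then searched by triggers that produce an alert, incident or email) and the Classifiers and Alert Inbox features above, as an added toy illustration in Python. This is not DefenseStorm's code and not its query language; the key=value log format, the field names, the three classifier functions, the failed-logon threshold and the output actions are all assumptions chosen for the example, and the log lines are constructed.

```python
"""Toy event pipeline: ingest -> classifiers -> datastore -> trigger -> alert.

Added illustration only; not DefenseStorm's implementation. Field names,
the classifier functions and the trigger threshold are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a simple key=value format (not real product input).
RAW_LOGS = [
    'ts=2024-03-01T10:00:01Z host=dc01 event_id=4625 src_ip=203.0.113.7 user=jsmith',
    'ts=2024-03-01T10:00:04Z host=dc01 event_id=4625 src_ip=203.0.113.7 user=jsmith',
    'ts=2024-03-01T10:00:09Z host=dc01 event_id=4625 src_ip=203.0.113.7 user=JSMITH',
    'ts=2024-03-01T10:00:12Z host=dc01 event_id=4625 src_ip=203.0.113.7 user=admin',
    'ts=2024-03-01T10:00:15Z host=dc01 event_id=4625 src_ip=203.0.113.7 user=root',
    'ts=2024-03-01T10:00:20Z host=dc01 event_id=4624 src_ip=203.0.113.7 user=jsmith',
    'ts=2024-03-01T10:00:30Z host=fw01 event_id=heartbeat src_ip=10.0.0.1',
    'ts=2024-03-01T10:05:00Z host=dc01 event_id=4625 src_ip=198.51.100.9 user=bob',
]

KV_RE = re.compile(r'(\w+)=(\S+)')


def parse(line):
    """Turn a key=value line into a dict (the raw event)."""
    return dict(KV_RE.findall(line))


# --- Classifiers: pre-process each event before it reaches the datastore ---

def classify_drop_noise(event):
    """Delete data: drop heartbeat events that carry no security value."""
    return None if event.get('event_id') == 'heartbeat' else event


def classify_add_field(event):
    """Create a field: map Windows logon event IDs to a readable 'action'."""
    action = {'4624': 'logon_success', '4625': 'logon_failure'}.get(event.get('event_id'))
    if action:
        event['action'] = action
    return event


def classify_normalize(event):
    """Change a field value: lowercase usernames so counts are not split by case."""
    if 'user' in event:
        event['user'] = event['user'].lower()
    return event


CLASSIFIERS = [classify_drop_noise, classify_add_field, classify_normalize]


def ingest(lines):
    """Run every classifier over each event; a classifier returning None drops it."""
    datastore = []
    for line in lines:
        event = parse(line)
        for clf in CLASSIFIERS:
            event = clf(event)
            if event is None:
                break
        if event is not None:
            datastore.append(event)
    return datastore


# --- Trigger: searches stored events and emits alert/incident/email actions ---

def trigger_failed_logons(datastore, threshold=5, window=timedelta(minutes=1)):
    """Fire when one source IP has >= threshold logon failures inside `window`."""
    by_src = defaultdict(list)
    for ev in datastore:
        if ev.get('action') == 'logon_failure':
            by_src[ev['src_ip']].append(datetime.strptime(ev['ts'], '%Y-%m-%dT%H:%M:%SZ'))
    alerts = []
    for src, times in by_src.items():
        times.sort()
        for i in range(len(times)):
            j = i + threshold - 1
            if j < len(times) and times[j] - times[i] <= window:
                alerts.append({'src_ip': src, 'count': j - i + 1,
                               'actions': ['alert', 'incident', 'email']})
                break  # one alert per source is enough for this illustration
    return alerts


if __name__ == '__main__':
    store = ingest(RAW_LOGS)
    print(trigger_failed_logons(store))
```

Two points the toy makes that the feature descriptions alone do not: classifier order matters (dropping noise first means later classifiers never run on it), and normalizing a field before a trigger counts on it is what keeps `jsmith` and `JSMITH` from being counted as different accounts. Running the block fires one alert for 203.0.113.7 (five failures in 14 seconds) and none for 198.51.100.9.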