Glossary

A

Administrator (user)

Ability to create/edit/modify/delete other users within their org along with all other user permissions.

Alert Modified

Update to Alert rule

Anomaly

Rare event(s) that cause suspicion

Asset Hostname

Asset nickname for quick identification

Asset ID

Keep track of when an asset was uploaded to the GRID

Asset Importance

Level of importance given to asset data

Asset Name

Insert all names here to avoid duplicate assets

Asset Tag

Add tags for organizing, searching, and filtering

C

Chart

Graphical view of event data

CIDR Range

Block of IP Addresses that could be seen on your network.

Classifier

Modify or remove event data as it is processed by GRID

Cleaned

Asset was scanned, malware was removed and the host was returned to service

Cloud Storage

When data is stored on remote servers

Cold Storage

Data that is not searchable through the console. Can be brought into live mode if requested

Compliance

The act of using policies to meet or exceed guidelines

Config Changed

An event caused by a network configuration change

Cybercompliance

Following guidelines to ensure your network is in compliance

Cybersecurity Program

Combination of GRID, TRAC, and your network policies

D

Dashboard

A custom display of charts on the UI's homepage

Data Retention

Data is retained in the GRID for 90 days

DefenseStorm Virtual Machine (DVM)

Gateway between your network and the GRID

Dismissed

Not a false positive or a potential threat

E

Escalated

Sent to TRAC for further review

Event

Any activity that generates a log

Executive Level Reporting

Reporting that is analyzed and reviewed by executive-level board members

F

False Positive

When an Incident is positive according to rule logic, but false upon further review

FQDN

Fully qualified domain name

G

Gap Analysis

When the experts at DefenseStorm compare your network to any desired guideline and provide a report showing where your program needs improving to be fully compliant.

GRID UI

User interface of the DefenseStorm GRID

I

Incident

An event that needs further investigation

Incident State (Analysis)

Undergoing analysis

Incident State (Closed)

No further action necessary

Incident State (Remediation)

Efforts are underway to resolve damage and root cause

Incident State (Resolved)

The problem has been discovered but not remediated

Incident State (Triage)

Default state when an Incident is created

Input Token

Key that allows your network to communicate with the GRID

Integrations

Access and ingestion of third-party data

L

Live Storage

GRID searchable data (past 90 days)

M

Machine Learning

When the DefenseStorm GRID learns your network and can distinguish between normalities and anomalies.

Maintenance

Updates to the product due to changes in requirements legislation or modifications in the software or hardware (operational) environment

Merge Asset

Combining an untracked asset with a tracked asset

P

PatternScout

Anomaly detection

Policy

A set of rules put into place to ensure compliance with a regulation

Power User

Ability to do everything a user can do plus create incidents, classifiers and alerts

Q

Query

Language used to search events

R

Read-Only User

Can only observe data

S

Sysmon

A free tool that provides endpoint visibility and records critical events while being non-intrusive, invisible to use, and, if set up correctly, having no negative performance impact.

T

Task

A one-time job assignment

Task Schedule

A recurring job assignment

Template

A specific organization of charts ready to be generated as a report.

Threat-Sharing

Combination of known threat intelligence within a community

Threatfeed

Information from threat-sharing sources on common attacks, remedies, and prevention.

TRAC

DefenseStorm’s internal cybersecurity and compliance experts

Tracked Asset

A registered asset

Trigger

Sends an alert when parameters are met

Trigger Library

List of recommended triggers

True Positive

An alert that is 100% malicious or unauthorized activity on your network.

Two Factor Authentication (2FA)

Two-tier login method to increase security

U

Untracked Asset

An asset that is sending data but is not registered

User

A profile created for specific GRID access

W

Watcher

CC'ing someone to be kept informed