Introduction to DefenseStorm

Put simply, DefenseStorm is a network security system for financial institutions. We monitor for suspicious activity, alert you when its found, and work with you to stop any potential attacks and prevent them from reoccurring. Think of a security system for your house, that's what provide for network protection. 

We communicate with your system through the DVM (DefenseStorm virtual machine), or the Windows Agent, depending on your asset type and configuration settings. Once data reaches our cloud, it is pre-processed via classifiers and placed within a datastore. Triggers search through live data to generate an alert, incident, email, or a combination of the three. 


Contact Us

There are a few different ways to contact DefenseStorm. You can contact us through Connect, TRAC Team, or Knowledge Center feedback.

  1. Connect: Technical issues with the product, DVM, or UI.
  2. TRAC Team: Security concerns or potential threats on your network. 
  3. Knowledge Center Feedback: Submit general questions on functionality or request additional documentation.

User Interface

All the great features offered by the DefenseStorm GRID are performed through the user interface. This includes the dashboard and all its features (See Dashboard), as well as Alerts, Policy, Assets, and more! For help logging into the UI, see our Login FAQ.  


Events is an extremely powerful search engine that gives you the ability to investigate log data thoroughly and efficiently. Queries can be as simple or complex as you make them using straightforward search query language. See Events for more detailed information.  


Classifiers allow you to pre-process your data by creating fields, deleting data, and changing field values. See Classifiers for more detailed information. 

Alert Inbox

Alert Inbox is a way to manage the alerts that your triggers generate. It shows useful and actionable information that helps you respond quickly. See Alert Inbox for more detailed information. 


ThreatMatch gives you the ability to turn on feeds and use Threat Intelligence Sources to identify risks. See ThreatMatch for more detailed information. 


The Tickets section of the dashboard is where you create, monitor, and/or update Incidents. See Tickets for more detailed information.


Compliance utilizes built-in tools that link your policies to different internal and government guidelines, system alerts, and helps you define, enforce, and report on your security policies. See our Compliance & Policy Reporting  article for more details.  


Assets allows you to manage devices that are sending data to the DVM.  The Assets page displays all tracked and untracked assets. See Assets for more detailed information.