At Threat Stack we are continuously enhancing the Cloud Security Platform® to improve your ability to identify and respond to threats. We have just added an “Alert Trends” view that lets you quickly and easily see spikes in alerts, enabling faster detection of anomalous behaviors.
Alert Trends Overview
The name says it all: Alert Trends is the visualization of alert history over time. Instead of showing a single point in time, the feature lets you see alert trends so you can identify the areas you need to focus on. Alert Trends enables you to:
- Quickly detect peaks and valleys in alerts, navigate to anomalies, and identify trends
- Immediately narrow the time window of alerts to minutes, hours, or days
- Reduce the time needed to review alerts and therefore drive faster resolution times
In addition, the record of dismissed alerts that is stored on the Alerts page enables you to demonstrate how you have managed risk within your environment, quantify security improvements over time, and provide a record that demonstrates to an auditor that you have reviewed and acknowledged particular behaviors.
How it Works
As the following screen shows, Alert Trends appears at the top of the Alerts page and is organized over time by the number and severity of alerts that are found on a daily basis. This can help you track “abnormal spikes” of alerts more effectively and review behaviors that caused the events.
To display Alert Trends, you simply drag the sliding bracket along the histogram to the time period you want to review and then view the behaviors that caused the alerts.
As you move the bracket, the details that appear on the page change to display relevant information, including the raw alerts related to the behaviors in the body of the alerts. Also shown are the specific behaviors and events that you can use for further analysis and action.
Final Words . . .
We have designed the Alert Trends feature to create a visualization that helps you see patterns in behavior so you immediately know where to focus your attention. This, in turn, enables you to quickly and easily spot trends, analyze anomalies, and take action either by creating a rule or a suppression to handle the identified behavior.
If you would like to learn more about Alert Trends or the Threat Stack Cloud Security Platform®, please contact us today so we can discuss your security needs and arrange to give you a detailed demonstration.