What’s New

Several new features are introduced in this ClearSkies^TM SaaS NG SIEM version 5.9:

Analytics

Big Data Search

The enhanced “Big Data Search” application improves user experience by increasing productivity and effectiveness as follows:

• A query-based event count timeline helps visualize anomalies with more details on an activity during a selected period. When creating a column-based analysis (filter), a bar chart visualization offers a new perspective. Search queries can be bookmarked for future reference.
• All search queries are now being validated for convenience, and users are now notified if a query is invalid.
• The search query window carries an auto-complete filter-as-you-type capability, showing suggested search syntax, bookmarked search queries, examples and operators etc. A filtered query regarding assets can now be created directly from the “Search in” dropdown menu.
• A comprehensive date/time picker was added for providing to the user the ability to perform more time sensitive queries.
• The new Indicators Of Compromise (IOCs) dropdown menu enables the user to filter out or perform search queries related to probes identify as malicious; selected IOCs are colored red in the queries results.
• Integration with “Threat Anticipation” application, which provides a visual representation of events identified as malicious.
• Two breakdown pie charts were added: “Events by category” and “IOC events” for providing to the user the distribution of log and vent data collected.
• A pie chart visualization depicting query results is now included, with drilldown capabilities executed automatically upon clicking on a chart segment.

User & Entity Behavior Analysis (UEBA)

The introduction of an unsupervised machine learning model that keeps track of human-driven network/system activities in order to create a baseline of users’ work days and time shifts.

For any user, the model yields one of three results:

• The actual working hours
• Whether it is a shift operation
• There is not enough data

Threat Intelligence

Attack Probes

• This new application provides a visualization representation of attacks happening in near real-time against your organization.

Threat Anticipation

• With a user-friendly design, this new application anticipates which type of threats targeting your organization might affect the confidentiality, integrity and availability of your information assets. Threats are categorized into different Indicators Of Compromise (IOCs) types, such us Malware, Trojan, ToR Exit Node, Reconnaissance activity etc.
• The ‘network map’ helps users visualize the entire activity, including which assets detected this activity, devices/application/network targeted, action taken by these assets, direction of the activity, type, count, classification of the attack and much more.
• This powerful ‘network map’ provides the associations of IOCs with users, driven by the “User & Entity Behavior Analysis” (UEBA) application, additionally providing a summary with what was observed.
• Further analysis on each threat allows the user to jump into the “Big Data Search” application and view related log and event data.
• Unsupervised machine learning model for detecting phishing and malware delivery domains/sites (DNS fast flux): Utilizing a machine learning model to detect outbound connectivity to malicious domains/sites by analyzing DNS log data.

Heat Maps

• This new application presents the density and frequency of attacks by country. It provides a further drilldown of attacks by selecting a desired country on the map. Upon selecting a threat, the application redirects to the “Threat Anticipation” application for a further graphical representation of the threat.