RSA Security Analytics Investigation and Triage
RSA allows analysts to investigate rapidly down to the most granular detail to understand exactly what’s happening and how to address it. With a customizable, browser-based interface, analysts can quickly filter the data and focus on generating new intelligence.
Contributing to this unique investigative approach is capture time data enrichment. RSA Security Analytics inspects and performs deep-data enrichment right at the time of capture, making analysis much faster and more valuable in the midst of an investigation. This includes tagging threat indicators as well as interesting characteristics about the log or network session that could be useful as part of an alert, report, or investigation. As a result, analysts can ask any question of their data and get detailed contextual answers, which reduces incident response time and decreases an attacker’s free time in the environment.
Take Targeted Action on the Most Important Incidents
RSA Security Analytics’ native incident triage allows analysts to rapidly identify, triage, investigate, and respond to security events. This enables security teams to focus on the most important incidents with prioritized, categorized, risk score-driven alerts. Unlike other tools, RSA Security Analytics can aggregate alerts across network packets, endpoints, logs, and netflow to understand the true nature and scope of an incident – not just what was logged. Customers also have the ability to extend beyond the native triage and workflow capabilities in Security Analytics to more advanced incident and data breach response procedures by integrating with RSA Security Operations.