  • Alerts and Response Actions.
    NIST CSF RS.AN-1: Notifications from detection systems are investigated.
  • Incident Remediation.
    NIST CSF RS.MI-2: Incidents are mitigated.

Active Response.

Critical alerts trigger automated responses on the endpoint.

Scripts and Playbooks

SOCFortress crafts scripts and playbooks to respond to common intrusion attempts.

Block detected intrusions.

Block brute-force attacks and access attempts to C2 servers.

Locate system anomalies.

Anomaly detection in process execution and network-related activity.

User and Process Analytics.

Behavioural analytics of process and user activity.

Automated Responses.

Alerts and Actions.

Block destination IPs of repeated offenders.

Apply kernel-level packet filters on demand when a high-level alert is detected.

System Anomalies.

Rootcheck and RAT detection and remediation.

Stop Brute Force Attacks.

Block repeated offenders and brute-force login attempts.
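As an added illustration of the two triggers described above (a single high-level alert, or repeated failures from one address inside a short window), here is a small Python decision routine; it is not SOCFortress's code, the thresholds, field layout and sample alerts are assumed, and it only renders the packet-filter rules as strings for review rather than applying them.

```python
"""Decide which peer IPs an active-response hook should block.
Trigger 1: any alert at or above HIGH_LEVEL blocks immediately.
Trigger 2: REPEAT_LIMIT low-level hits from one IP within WINDOW_SECONDS."""
from collections import defaultdict

HIGH_LEVEL = 12        # assumed threshold for "high-level" alerts
REPEAT_LIMIT = 5       # assumed repeated-offender threshold
WINDOW_SECONDS = 300   # assumed sliding window

# Constructed sample alerts: (epoch seconds, level, direction, peer IP, description)
# direction "in"  = remote source connecting to the endpoint (login attempts)
# direction "out" = remote destination the endpoint connected to (e.g. C2)
SAMPLE_ALERTS = [
    (1000, 5, "in", "198.51.100.7", "sshd: authentication failed"),
    (1030, 5, "in", "198.51.100.7", "sshd: authentication failed"),
    (1060, 5, "in", "198.51.100.7", "sshd: authentication failed"),
    (1090, 5, "in", "198.51.100.7", "sshd: authentication failed"),
    (1120, 5, "in", "198.51.100.7", "sshd: authentication failed"),
    (1200, 5, "in", "203.0.113.9", "sshd: authentication failed"),
    (1250, 14, "out", "192.0.2.44", "outbound connection to known C2 address"),
    (2000, 5, "in", "203.0.113.9", "sshd: authentication failed"),
]


def select_block_targets(alerts, high_level=HIGH_LEVEL,
                         repeat_limit=REPEAT_LIMIT, window=WINDOW_SECONDS):
    """Return {ip: (direction, reason)} for every IP that should be blocked."""
    targets = {}
    recent = defaultdict(list)            # ip -> timestamps of low-level hits
    for ts, level, direction, ip, desc in sorted(alerts):
        if level >= high_level:           # critical alert: block on first sight
            targets.setdefault(ip, (direction, f"high-level alert ({level}): {desc}"))
            continue
        recent[ip] = [t for t in recent[ip] + [ts] if ts - t <= window]  # slide window
        if len(recent[ip]) >= repeat_limit:
            targets.setdefault(ip, (direction, f"{len(recent[ip])} failures in {window}s"))
    return targets


def drop_rules(targets):
    """Render kernel packet-filter rules as strings; nothing here executes them."""
    rules = []
    for ip, (direction, why) in sorted(targets.items()):
        chain, flag = ("INPUT", "-s") if direction == "in" else ("OUTPUT", "-d")
        rules.append(f"iptables -I {chain} {flag} {ip} -j DROP  # {why}")
    return rules


if __name__ == "__main__":
    for rule in drop_rules(select_block_targets(SAMPLE_ALERTS)):
        print(rule)
```

With the sample data, 198.51.100.7 is blocked as a repeated offender and 192.0.2.44 on its single high-level alert, while 203.0.113.9's two failures fall outside the window and produce no rule.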