Logsign Unified Security Operations Platform collects, analyzes and visualizes data. In addition, Logsign offers many features that automate and facilitate incident response. It offers an incident management and response solution built around one-click fast response, ready-made analysis cards and the MITRE ATT&CK Matrix.
All incidents that occur in the system can be accessed from the "Incidents" tab in the Logsign web interface. Under the Incidents tab, incident values such as count, priority, risk score, status, owner and category can be followed, analyses can be performed and the action module can be used.
When an incident is clicked, the incident card screen appears.
All the detailed information of the incident can be accessed by pressing the more button.
The Action Object, risk score value, artifact and entity information can be seen on the incident detail screen. In addition, the number of times the incident was triggered and the previous responses can be tracked.
The MITRE ATT&CK Matrix entry that the triggered alarm belongs to is shown, and the MITRE ATT&CK vector can be defined by going to the Alert Rules tab.
The NIST response stages for the incident can be followed in the upper right section, and the one-click response feature can be used with the "Action Button" in the lower right corner.
Third-party investigation tools (AbuseIPDB, VirusTotal, IBM X-Force), security devices and LDAP integrations are available for use by the action module.
Investigation results are added to the incident for enrichment, and the response results can be seen on the incident detail screen.
Based on the responses received, the process proceeds automatically, and after the incident is resolved it can be closed by defining the closing reason.