Welcome

Content Pack OOTB

The Sharelock platform comes with a set of out-of-the-box (OOTB) content, also known as Plugins.

The available Plugins are:

Microsoft 365 Content Pack: related to the Microsoft Office 365 suite of applications.

From the Dashboard landing page, at the top, select the icon to the right of the main selection menu to reveal the drop-down menu with options for the logged-in administrative user, then select the System option. 

At the bottom, to the right of the Plugins section, there is a button to request the installation of the standard Sharelock distribution package for managing Microsoft 365 data.

Please click the button and await the completion of the automated installation process.

NOTE: The installation does not overwrite existing content and cannot be uninstalled.

The Plugins contain all the entities necessary to manage the standard lifecycle of the Sharelock platform, ranging from application management, data analysis, modeling of anomalies and threats, to possible responses.

The entities listed below have been fine-tuned to manage the most common usage scenarios:

  • Algorithms
  • Subjects
  • Indicators of Behavior
  • Playbooks
  • Threats

To initiate the analysis life-cycle process, the following is required:

Select the "Settings" view, located at the top right of the main menu, to access all platform system configurations.

Click on the "Subjects" card. 

Wait for the list of available Out-of-the-Box Subjects to load, then choose a Subject to execute by selecting its name on the respective card.

Within the Subject details, enable its execution by setting the Status toggle to ON. Once activation is complete, click Save.

To verify the loading operation, consult the Dashboard, at the bottom near the card labeled 'Account'. The 'population' column shows the executed Subjects alongside the total detected entities.

For a more detailed examination of individual accounts, open the 'Account Insights' view by clicking the text link at the top right.

From the dropdown menu labeled 'Choose a Subject', select the newly created Subject to view, below, a list generated by the engine from the ingested data.

Next to the Subject's name, there is also the total count of entities uploaded so far.

Select the "Indicators of Behavior" card. Wait for the list of available Out-of-the-Box IoBs to load.

Choose the IoB to execute from the list and click the Launch button located at the bottom right of the selected card, under the Actions section. 

In the popup, specify the date from which the algorithms should start processing data. "Change Learning" indicates the training period the algorithms need to learn behavior from the ingested data. The Out-of-the-Box IoBs are preconfigured with the optimized value, so no change is necessary.

Select the 'Deletes the previously created training' checkbox if you wish to rerun the operation and erase the previously executed processing.

To monitor the analysis process, select the "IoB Insight" option from the top menu. This page displays a graph for each IoB, showing its processing status up to the current reference time period.

Ideally, wait until the IoB reaches the desired processing date. To get a rough idea of the processing day the IoB has reached, refer to the processing label on the right side of the selected IoB card.

Finally, select the "Threats" card. Wait for the list of available Out-of-the-Box Threats to load.

Choose the Threat to execute from the list and click the Launch button located at the bottom right of the selected card, under the Actions section. In the popup, select the time range to focus alert production on a specific moment in time.

Continuous threat detection can be activated by toggling the "Deployed" option.

To monitor the status of alerts, select the "Dashboard" view from the top menu. The first row of cards, including "Active Threats Summary" and "Active Threats by Type," shows the active alerts identified up to the current moment.