Content index
Correlate different IoBs with the Threat Modeler
Welcome
Project Management
Renaming your workspace
What’s The Difference Between A Manager, Team Member, And Collaborator?
Add A Tea m Member To Your Workspace
FAQs
Welcome
Basic ConceptsBasic Concepts
Identity Security Posture ManagementIdentity Security Posture Management
Identity Threat Detection & ResponseIdentity Threat Detection & Response
ConfigurationConfiguration
Content Pack OOTB
Initial Setup
Extend behavioral analysis to other data and applications
Define a custom Indicator of Behavior
Correlate different IoBs with the Threat Modeler
Configure the response with the Playbook

Correlate different IoBs with the Threat Modeler

Overview

In Sharelock's Identity Threat Detection and Response (ITDR) framework, a threat is defined as a significant security incident or potential attack that has been reliably identified via behavioral anomalies and machine learning algorithms. Sharelock ITDR distinguishes itself by scaling from a single Indicator of Behavior (IoB) anomaly to true security threat detection, which enables the accurate identification and response to potential security threats.

In practical terms:

  • The ITDR framework manages a dynamic "security context" for each monitored entity, and alerts are issued when there is a significant deterioration within that context, signaling potential security risks.
  • For example, if an account uses a specific MITRE technique that increases the security risk, Sharelock's system highlights and escalates this activity.
  • Rather than bombarding security personnel with constant low-level alerts, the system prioritizes warnings when the threat level is genuinely heightened.
  • If threat tactics escalate or new MITRE techniques are employed, Sharelock reevaluates and recalibrates the risk profile in line with the intensified threat vector, facilitating a proportionate and appropriate response to each unique situation.

This ITDR mechanism is a crucial feature of Sharelock, ensuring not only detection but also timely and context-aware action that adapts dynamically to the evolving threat environment.


Create new Threat

Select the "Settings" option from the main menu, located at the top right corner.

Click on the "Threats" card in the configuration group named "Behavioral Engine Management."

To add a new Threat, click the "New Threat +" button. In the Threat details, fill the mandatory fields:

  • Name: the name of the Threat to create.
  • Correlation Time Window: input or adjust the number of days to be considered when an anomaly is generated.
  • Playbook: click on the field and select a playbook previously created to associate as remediation for the threat.

To finalize the creation of a Playbook, define one or more stages (up to a maximum of 6 in total) adding the iobs that are required to define the custom scenario and then proceed to click the "Save" button located at the bottom of the interface.

Configure the response with the Playbook

Learn how to tune and customize response with the Playbook

Correlate different IoBs with the Threat Modeler

Learn how to correlate different Indicators of Behavior with the Threat Modeler

Define a custom Indicator of Behavior

Learn how to configure a custom Indicator of Behavior to add to the OOTB IoBs catalog

Extend behavioral analysis to other data and applications

Learn how to set up a new Subject to extend behavioral analysis to other data and applications

Initial Setup

A quick how-to to learn how to configure a new data collector

Content Pack OOTB

A quick how-to to learn how to upload OOTB content to Sharelock

LOG IT ALL, DETECT ANYTHING AND RESPOND QUICKLY

Check our Website!