Note: XOps is Cato’s unified analytics layer for security and operations, offering insights and guided remediation. XOps has replaced XDR. For more information, see XOps FAQ.
XOps App Activities stories help you identify risky and anomalous activity in sanctioned SaaS applications. By analyzing activity data collected through App Activities integrations, XOps detects suspicious behavior and generates stories that help you investigate potential security incidents.
These stories provide visibility into user actions performed directly in cloud applications, including activity from users who aren't connected to the Cato Cloud. Each story contains details about the relevant users, activities, and application to help you understand the context of the activity and determine if remediation is required.
App Activities stories are supported for GitHub, Microsoft 365, Slack, and Google Workspace.
Prerequisites
- To generate App Activities stories, your account must have XOps and CASB licenses, and the relevant App Activities integrations must be configured.
The Stories Workbench page shows a summary of the App Activities stories for your account. For App Activities stories, the Producer Type is Generic Incident and Producer Name is the app name.
For more about using the Stories Workbench page, see Reviewing Detection & Response XOps Stories in the Stories Workbench.
You can click a story in the Stories Workbench to drill down and investigate its details on a separate page. This page contains a number of widgets that help you evaluate the issue identified by the producer.
These are the story drill-down widgets: