Overview
XOps Threat Prevention stories help admins investigate threat indications by correlating relevant security events into a story. Cato is gradually enhancing these stories so they are updated in near real time, helping admins detect and respond to relevant threat activity more quickly.
This article lists the Threat Prevention story indications that support near real-time updates.
Prerequisites
- XOps license
Indications with Near Real-Time Updates
The following Threat Prevention story indications support near real-time updates:
- blocked_remote_tool_activity
- chaser_MZ_download_with_impersonated_extension
- chaser_access_phishing
- chaser_cnc_certificate
- chaser_json_rpc
- chaser_ransomware_detection_high_confidence
- chaser_sid_bl_ua
- chaser_submition_to_phishing
- downloaded_tool_from_unofficial_domain
- file_download_attempt_low_rep
- hunt_mega_api
- hunt_winhttp_download_binary
- suspicious_response_headers
- suspicious_web_shell_uploaded
0 comments
Please sign in to leave a comment.