Threat Prevention Stories with Near Real-Time Updates

Overview

XOps Threat Prevention stories help admins investigate threat indications by correlating relevant security events into a story. Cato is gradually enhancing these stories so they are updated in near real time, helping admins detect and respond to relevant threat activity more quickly.

This article lists the Threat Prevention story indications that support near real-time updates.

Prerequisites

  • XOps license

Indications with Near Real-Time Updates

The following Threat Prevention story indications support near real-time updates:

  • blocked_remote_tool_activity
  • chaser_MZ_download_with_impersonated_extension
  • chaser_access_phishing
  • chaser_cnc_certificate
  • chaser_json_rpc
  • chaser_ransomware_detection_high_confidence
  • chaser_sid_bl_ua
  • chaser_submition_to_phishing
  • downloaded_tool_from_unofficial_domain
  • file_download_attempt_low_rep
  • hunt_mega_api
  • hunt_winhttp_download_binary
  • suspicious_response_headers
  • suspicious_web_shell_uploaded

Was this article helpful?

0 out of 0 found this helpful

0 comments