Cyences Version 1.6.1 Enhancements & Updates

  • Added a new Sophos Central endpoint metadata collection command
  • Device Master Table has been renamed to Device Inventory Table 
  • Enhancements have been made to the Device Inventory Table, Asset Intelligence, Forensics, and Office 365 dashboards
  • New Linux/Unix report

Sophos Central 

Sophos is widely recognized as a worldwide leader in next-generation cybersecurity. Cyences is set to match those standards by giving Splunk users a way to collect information about their Sophos endpoints within our app. We have added a Sophos endpoint metadata collection command that uses the Sophos Central API, to make this as easy and effective as possible. Follow the configuration steps below to get actionable insights into your security posture with the assistance of Cyences:

  1. Obtain the Client ID and Client Secret from your Sophos API credentials set.
  2. Navigate to Cyences App for Splunk > Settings > Configuration.
  3. Enter the Client ID and Client Secret in the Sophos Endpoint API Configuration section.
  4. Click Save.
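As an added example (not code from the Cyences app or from this post), this is the collection flow such a command performs against the Sophos Central API: a client-credentials token request, a whoami call to resolve the tenant ID and data region, then key-based paging through the endpoint list. The URLs, header names, query parameters and JSON field names are assumptions taken from Sophos' public API documentation rather than from this page, and the network transport is swapped for constructed responses so the script runs offline.

```python
import json
import urllib.parse
import urllib.request

TOKEN_URL = "https://id.sophos.com/api/v2/oauth2/token"  # assumed from Sophos Central API docs
WHOAMI_URL = "https://api.central.sophos.com/whoami/v1"   # assumed from Sophos Central API docs


def http_json(method, url, headers=None, body=None):
    """Real transport: one HTTP request, JSON body back. Replaced by sample_transport for offline use."""
    req = urllib.request.Request(url, data=body, method=method, headers=headers or {})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def collect_endpoints(client_id, client_secret, http=http_json, page_size=50):
    """Client-credentials grant, whoami for tenant id + data region, then page through endpoints."""
    form = urllib.parse.urlencode({"grant_type": "client_credentials", "client_id": client_id,
                                   "client_secret": client_secret, "scope": "token"}).encode()
    token = http("POST", TOKEN_URL, {"Content-Type": "application/x-www-form-urlencoded"}, form)
    auth = {"Authorization": "Bearer " + token["access_token"]}
    who = http("GET", WHOAMI_URL, auth)
    if who.get("idType") != "tenant":  # partner/organization credentials must pick a tenant first
        raise ValueError("credentials resolve to %r, not a tenant" % who.get("idType"))
    base = who["apiHosts"]["dataRegion"].rstrip("/")  # tenant data lives on a regional host
    headers = dict(auth, **{"X-Tenant-ID": who["id"]})
    devices, next_key = [], None
    while True:  # key-based paging: follow pages.nextKey until it is absent
        query = {"pageSize": page_size, **({"pageFromKey": next_key} if next_key else {})}
        page = http("GET", base + "/endpoint/v1/endpoints?" + urllib.parse.urlencode(query), headers)
        for item in page.get("items", []):  # keep the fields an inventory table would merge on
            devices.append({"sophos_id": item.get("id"), "hostname": item.get("hostname"),
                            "os": item.get("os", {}).get("name"), "ip": (item.get("ipv4Addresses") or [None])[0],
                            "health": item.get("health", {}).get("overall"), "last_seen": item.get("lastSeenAt"),
                            "tamper_protection": item.get("tamperProtectionEnabled")})
        next_key = page.get("pages", {}).get("nextKey")
        if not next_key:
            return devices


def sample_transport(method, url, headers=None, body=None):
    """Constructed offline stand-in for the API: token, whoami, and two endpoint pages. No network."""
    if url == TOKEN_URL:
        return {"access_token": "constructed-token", "token_type": "bearer", "expires_in": 3600}
    if url == WHOAMI_URL:
        return {"id": "constructed-tenant-id", "idType": "tenant",
                "apiHosts": {"dataRegion": "https://api-us01.central.sophos.com"}}
    key = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query).get("pageFromKey", [None])[0]
    if key is None:  # first page: one fully populated endpoint record, with a nextKey
        return {"items": [{"id": "ep-1", "hostname": "srv-a", "os": {"name": "Ubuntu 20.04"},
                           "ipv4Addresses": ["10.0.0.5"], "health": {"overall": "good"},
                           "tamperProtectionEnabled": True, "lastSeenAt": "2022-01-01T00:00:00Z"}],
                "pages": {"nextKey": "page-2"}}
    return {"items": [{"id": "ep-2", "hostname": "ws-b", "os": {"name": "Windows 10"}}], "pages": {}}
```

Call `collect_endpoints("client-id", "client-secret", http=sample_transport)` to see the flattened records; dropping the `http=` argument sends real requests with your API credentials.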

Device Inventory

The Device Inventory dashboard has received several upgrades with the release of 1.6.0. The Device Inventory Table can now automatically merge devices based on the information provided (hostname, IP address, etc.), including multiple entries that refer to the same device. The Device Inventory Table also now assigns a UUID to each device it detects. Together, these changes produce an accurate count of devices.

(Before and after screenshots of the Device Inventory Table.)

Asset Intelligence

The Asset Intelligence dashboard has received several enhancements that let Splunk users search their machines for multiple IP addresses and users at once. To support this, commas are now permitted within search filters. In addition, a new lookup has been added to this dashboard to help optimize the Device Inventory Table overall.

Forensics

Performing a drilldown from anywhere on this dashboard now automatically uses the appropriate data model command instead of index=* for the selected query.

Office 365

A new search filter named Logon Error has been added to the Failed Logins dashboard panel to aid with the security audit process.

Linux/Unix

A new report named Linux/Unix has been added to the Cyences app. It contains rich security-related information, such as users with sudo privileges, open ports, interfaces on hosts, mount points on hosts, and listening ports on hosts.

Written by Ahad Ghani.

Any questions, comments, or feedback are appreciated! Leave a comment or send me an email at [email protected] with any questions you might have.
