Cyences Version 1.6.1 Enhancements & Updates

  • Added a new Sophos Central endpoint metadata collection command
  • Device Master Table has been renamed to Device Inventory Table 
  • Enhancements have been made to the Device Inventory Table, Asset Intelligence, Forensics, and Office 365 dashboards
  • New Linux/Unix report

Sophos Central 

Sophos is widely recognized as a worldwide leader in next-generation cyber security, and Cyences now gives Splunk users a way to collect information about their Sophos endpoints from within the app: a new Sophos endpoint metadata collection command that pulls endpoint data through the Sophos Central API. Follow the configuration steps below to start using that data in Cyences:

  1. Obtain the Client ID and Client Secret from your Sophos Central API credential set.
  2. Navigate to Cyences App for Splunk > Settings > Configuration.
  3. Enter the Client ID and Client Secret in the Sophos Endpoint API Configuration section.
  4. Click Save.
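The steps above only enter the credential set; what a collection command does with it is the standard Sophos Central API flow. The following is an added example, not Cyences' own command: it exchanges the Client ID and Client Secret for a bearer token, resolves the tenant and regional API host, pages through the endpoint list, and trims each endpoint to the fields an inventory needs. The URLs, headers and response field names (token endpoint, whoami, `X-Tenant-ID`, `pages.nextKey`, `ipv4Addresses`, `health.overall`, `tamperProtectionEnabled`) are taken from the public Sophos Central API as recalled here and should be checked against current Sophos documentation; the canned responses in `fake_transport` are constructed so the flow runs offline.

```python
"""Fetch Sophos Central endpoint metadata with a Client ID / Client Secret.

Added example, not Cyences code. The HTTP layer is injected so the same flow
runs offline against canned responses.
"""
import json
import urllib.parse
import urllib.request
from typing import Callable, Dict, List, Optional

TOKEN_URL = "https://id.sophos.com/api/v2/oauth2/token"
WHOAMI_URL = "https://api.central.sophos.com/whoami/v1"

# transport(method, url, headers, body) -> parsed JSON response
Transport = Callable[[str, str, Dict[str, str], Optional[bytes]], dict]


def urllib_transport(method: str, url: str, headers: Dict[str, str],
                     body: Optional[bytes]) -> dict:
    """Real transport for use against Sophos Central."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def get_token(client_id: str, client_secret: str, transport: Transport) -> str:
    """OAuth2 client-credentials grant; the secret is only ever sent here."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "token",
    }).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return transport("POST", TOKEN_URL, headers, form)["access_token"]


def whoami(token: str, transport: Transport):
    """Resolve the credential to its tenant id and regional data host."""
    me = transport("GET", WHOAMI_URL, {"Authorization": f"Bearer {token}"}, None)
    if me.get("idType") != "tenant":
        # Partner/organization credentials must enumerate tenants first.
        raise ValueError(f"expected tenant credentials, got {me.get('idType')}")
    return me["id"], me["apiHosts"]["dataRegion"]


def list_endpoints(token: str, tenant_id: str, data_region: str,
                   transport: Transport) -> List[dict]:
    """Walk the paginated endpoint list by following pages.nextKey."""
    headers = {"Authorization": f"Bearer {token}", "X-Tenant-ID": tenant_id}
    items, next_key = [], None
    while True:
        params = {"pageSize": 500}
        if next_key:
            params["pageFromKey"] = next_key
        url = f"{data_region}/endpoint/v1/endpoints?{urllib.parse.urlencode(params)}"
        page = transport("GET", url, headers, None)
        items.extend(page.get("items", []))
        next_key = page.get("pages", {}).get("nextKey")
        if not next_key:
            return items


def to_inventory_row(item: dict) -> dict:
    """Keep only the fields a device inventory / merge step needs."""
    return {
        "sophos_id": item.get("id"),
        "hostname": item.get("hostname"),
        "ips": item.get("ipv4Addresses", []),
        "macs": item.get("macAddresses", []),
        "os": item.get("os", {}).get("name"),
        "health": item.get("health", {}).get("overall"),
        "tamper_protection": item.get("tamperProtectionEnabled"),
        "last_seen": item.get("lastSeenAt"),
    }


def collect(client_id: str, client_secret: str,
            transport: Transport = urllib_transport) -> List[dict]:
    token = get_token(client_id, client_secret, transport)
    tenant_id, region = whoami(token, transport)
    return [to_inventory_row(i)
            for i in list_endpoints(token, tenant_id, region, transport)]


# Constructed responses (not captured from a real tenant): token, whoami and
# a two-page endpoint listing, so collect() can be exercised offline.
def fake_transport(method, url, headers, body):
    if url == TOKEN_URL and method == "POST":
        assert b"grant_type=client_credentials" in body
        return {"access_token": "tok", "token_type": "bearer", "expires_in": 3600}
    if url == WHOAMI_URL:
        return {"id": "tenant-1", "idType": "tenant",
                "apiHosts": {"dataRegion": "https://api-us01.central.sophos.com"}}
    if "/endpoint/v1/endpoints" in url and headers.get("X-Tenant-ID") == "tenant-1":
        if "pageFromKey" not in url:
            return {"items": [{"id": "e1", "hostname": "ws-042",
                               "ipv4Addresses": ["10.1.2.42"],
                               "os": {"name": "Windows 10"}, "health": {"overall": "good"},
                               "tamperProtectionEnabled": True,
                               "lastSeenAt": "2021-11-30T12:00:00.000Z"}],
                    "pages": {"nextKey": "page2"}}
        return {"items": [{"id": "e2", "hostname": "db-01",
                           "ipv4Addresses": ["10.1.3.7"], "os": {"name": "Ubuntu"},
                           "health": {"overall": "bad"}, "tamperProtectionEnabled": False}],
                "pages": {}}
    raise ValueError(f"unexpected request {method} {url}")


if __name__ == "__main__":
    for row in collect("client-id", "client-secret", fake_transport):
        print(row)
```

The Client Secret grants the same view of every endpoint in the tenant as the collection command has, so treat it as a password: use a credential set with a read-only role (that is all metadata collection needs) and rotate it if a Splunk config backup that contains it ever leaves your control.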

Device Inventory

The Device Inventory dashboard has received some upgrades with this release. The Device Inventory Table now automatically merges devices based on the information available for them (hostname, IP address, etc.) and collapses multiple entries that refer to the same device into a single row. It also assigns a unique UUID to each device it detects. Together these changes make the device count on the dashboard reflect actual devices rather than individual records from each data source.

Before and after screenshots of the Device Inventory Table (images not reproduced here).
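To show what the merging described above involves, here is an added illustration (not Cyences' own logic, whose exact rules the release notes do not state). Records from several sources are linked when they share a normalized hostname, MAC or IP address, the linked groups are collapsed with a union-find, and each resulting device receives a deterministic UUID. The sample records and the `ID_NAMESPACE` value are constructed for the example.

```python
"""Merge per-source device records into one inventory row per device.

Added illustration, not Cyences code: links records that share a normalized
hostname, MAC or IP, then assigns each merged device a deterministic UUID.
"""
import uuid
from typing import Dict, List, Optional, Tuple

# Constructed sample records, one per (source, observation); not real data.
# ws-042 is reported three times, db-01 twice, and one DHCP lease has no name.
SAMPLE_RECORDS = [
    {"source": "sophos",  "hostname": "ws-042",              "ip": "10.1.2.42", "mac": "00:11:22:33:44:55"},
    {"source": "windows", "hostname": "WS-042.corp.example", "ip": None,        "mac": None},
    {"source": "dhcp",    "hostname": None,                  "ip": "10.1.2.42", "mac": "00-11-22-33-44-55"},
    {"source": "linux",   "hostname": "db-01",               "ip": "10.1.3.7",  "mac": "aa:bb:cc:dd:ee:ff"},
    {"source": "sophos",  "hostname": "db-01",               "ip": "10.1.3.7",  "mac": "AA:BB:CC:DD:EE:FF"},
    {"source": "dhcp",    "hostname": None,                  "ip": "10.1.9.9",  "mac": "de:ad:be:ef:00:01"},
]

# Identifier kinds that may link two records. IP addresses are reassigned by
# DHCP, so an IP-only link can over-merge; drop "ip" here if that bites.
LINK_KEYS = ("hostname", "mac", "ip")

# Hypothetical uuid5 namespace; any fixed UUID works as long as it never changes.
ID_NAMESPACE = uuid.uuid5(uuid.NAMESPACE_DNS, "device-inventory.example")

Key = Tuple[str, str]


def normalize(kind: str, value: Optional[str]) -> Optional[str]:
    """Canonical form so 'WS-042.corp.example' and 'ws-042' compare equal."""
    if not value:
        return None
    v = value.strip().lower()
    if kind == "hostname":
        v = v.split(".")[0]          # drop the domain suffix
    elif kind == "mac":
        v = v.replace("-", ":")      # Windows-style MACs use hyphens
    return v or None


def record_keys(rec: Dict[str, Optional[str]]) -> List[Key]:
    """Normalized (kind, value) identifiers present on one record."""
    keys = []
    for kind in LINK_KEYS:
        v = normalize(kind, rec.get(kind))
        if v:
            keys.append((kind, v))
    return keys


def _find(parent: List[int], i: int) -> int:
    while parent[i] != i:
        parent[i] = parent[parent[i]]   # path halving keeps the tree flat
        i = parent[i]
    return i


def merge_devices(records: List[Dict[str, Optional[str]]]) -> List[dict]:
    """Return one inventory row per physical device, each with a device_id."""
    parent = list(range(len(records)))
    first_seen: Dict[Key, int] = {}
    for i, rec in enumerate(records):
        for key in record_keys(rec):
            if key in first_seen:       # shared identifier: join the two groups
                ra, rb = _find(parent, i), _find(parent, first_seen[key])
                if ra != rb:
                    parent[ra] = rb
            else:
                first_seen[key] = i

    clusters: Dict[int, List[int]] = {}
    for i in range(len(records)):
        clusters.setdefault(_find(parent, i), []).append(i)

    devices = []
    for members in clusters.values():
        keys = sorted({k for i in members for k in record_keys(records[i])})
        # Deterministic id: the same identifier set always yields the same UUID,
        # so repeated runs are idempotent. A production inventory would persist
        # the id so it survives the device gaining or losing an address.
        canonical = "|".join(f"{kind}={val}" for kind, val in keys)
        devices.append({
            "device_id": str(uuid.uuid5(ID_NAMESPACE, canonical)),
            "hostnames": sorted(v for k, v in keys if k == "hostname"),
            "ips": sorted(v for k, v in keys if k == "ip"),
            "macs": sorted(v for k, v in keys if k == "mac"),
            "sources": sorted({records[i]["source"] for i in members}),
            "record_count": len(members),
        })
    return devices


if __name__ == "__main__":
    merged = merge_devices(SAMPLE_RECORDS)
    print(f"{len(SAMPLE_RECORDS)} records -> {len(merged)} devices")
    for d in merged:
        print(d["device_id"], d["hostnames"] or d["ips"], d["sources"])
```

Run as-is, the six records collapse to three devices: the Sophos, Windows and DHCP views of ws-042 become one row, the two db-01 records become one, and the nameless DHCP lease stays on its own. The check worth keeping when you tune such rules is the one the page's "before/after" screenshots make visually: the device count must drop only where identifiers genuinely overlap.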

Asset Intelligence

The Asset Intelligence dashboard has received several enhancements. Search filters now accept comma-separated values, so Splunk users can look for multiple IP addresses or multiple users across their machines in a single search. A new lookup has also been added to this dashboard, which helps optimize the Device Inventory Table overall.

Forensics

Drilldowns from anywhere on this dashboard now run the selected query against the appropriate data model instead of index=*, which returns results faster and avoids scanning every index for a single drilldown.

Office 365

A new search filter named Logon Error has been added to the Failed Logins dashboard panel to aid with the security audit process.

Linux/Unix

A new report named Linux/Unix has been added to the Cyences app. It contains security-related information about each host, such as users with sudo privileges, open ports, listening ports, network interfaces, and mount points.

Written by Ahad Ghani.

Any questions, comments, or feedback are appreciated! Leave a comment or send an email to uhoulila@crossrealms.com.

Usama Houlila

President and Enterprise Architect
Usama Houlila is an Enterprise Architect with more than 20 years of professional experience providing technology solutions for organizations in industries including legal, public services, healthcare, finance, retail, hospitality, and manufacturing. Usama is well-versed in all phases of project delivery, from initiation to closeout. His ability to see the big picture is a product of his comprehensive knowledge of hardware, software, application, and systems engineering. Usama’s myriad interests include international affairs, nutrition and health, cooking, and music. He has played the flute since childhood and is an avid runner and bicyclist who recently added swimming and triathlons to the mix. He currently manages, designs, and deploys Palo Alto for legal, healthcare, and financial services.