Utilizing ready-to-use system elements for smooth operations

 Utilizing ready-to-use system elements for smooth operations to facilitate the usage of the system.

Author: Marcin Kaźmierczak

How to make it in Sycope?

There are a number of built-in elements ready to use right after installation. Although most of these objects are global, a few of them are license dependent, so please keep in mind that if something you see here is missing, you probably need a security or performance license.

The most important one, which provides value out of the box, is the set of predefined analysis scenarios available to the system operator in the form of dashboard groups. Those groups are focused on three main areas: visibility, performance, and security. These scenarios require data to function, but once such data is provided, they are ready to go instantly.

Dashboard groups are easily navigable and come with specific metrics included.

If you want to create your own unique dashboard, a number of predefined widgets are already available. If you want to visualize something specific, the widget creator will walk you through all the necessary steps to accomplish your goal, making the investigation of common NetFlow issues and security incidents easier.

We provide you with powerful tools. 64 rule templates are included, and the number is growing with each release. A few of these require slight user tuning to eliminate false positives, but they are a great starting point even for an inexperienced analyst. If the analyst wants to create a unique alert rule, the rule creator is at hand and will walk the user through all the necessary steps to accomplish their goal.

The creator will also provide feedback based on real data, showing what to expect after the rule is created. At the core of the system are data gathering and data analytics. To ensure these modules work effectively, we predefined a number of NetFlow fields and metrics with proper data formatting, which can be duplicated and modified, or used as they are, to enrich the database with information such as geolocation, ASN mapping, and security threat identification from our proprietary CTI (central threat intelligence). There are also a number of dynamic objects called lookups. These lookups can be utilized during visualization, analytics, or deduplication processes.

Lookups are also the foundation of common features like interface utilization, name mapping, or network segment naming and grouping, which enrich the data shown on visualizations. A number of objects called mappers are included. The sole purpose of these elements is to present original data in a more accessible form to facilitate analysis. Many right-click operations are pre-configured and can easily be utilized in various parts of the system to improve analysis. Even further, a number of predefined and categorized filters are available out of the box, ready to be used by the system operator for ad hoc analysis.
