Utilizing ready-to-use system elements for smooth operations

Utilizing ready-to-use system elements for smooth operations to facilitate the usage of the system.

Author: Marcin Kaźmierczak

How to make it in Sycope?

There are a number of built-in elements ready to use after installation. Although most of the objects are global, a few of them are licence dependent. So please keep in mind that if something you see here is missing, you probably need a security or performance licence.

The most important one, which will provide value out of the box, is the set of predefined analysis scenarios available to the system operator in the form of dashboard groups. Those groups are focused on three main areas: visibility, performance, and security. These scenarios require data to function, but once such data is provided, they are ready to go instantly.

Dashboard groups are easily navigable and come with specific metrics included.

If you want to create your own unique dashboard, there are a number of predefined widgets available. If you want to visualize something specific, the widget creator will walk you through all the necessary steps to accomplish your goal, making the investigation of common NetFlow issues and security incidents easier.

We provide you with powerful tools. 64 rule templates are included and the number is growing with each release. A few of these require slight user tuning to eliminate false positives, but they are a great starting point even for an inexperienced analyst. If the analyst wants to create a unique alert rule, the rule creator is at hand and will walk the user through all the necessary steps to accomplish their goal.

The creator will also provide real data feedback and show what to expect after rule creation. At the core of the system are data gathering and data analytics. To ensure these modules work effectively, we predefined a number of NetFlow fields and metrics with proper data formatting, which can be duplicated and modified or used as they are to enrich the database with information like geolocation, ASN mapping and security threat identification from our proprietary CTI (central threat intelligence). There are a number of dynamic objects called lookups. These lookups can be utilized during visualization, analytics, or deduplication processes.

Lookups are also the foundation of common features like interface utilization, name mapping, or network segment naming and grouping to enrich data on the visualizations. A number of objects called mappers are included. The sole purpose of these elements is to present original data in a more accessible form to facilitate analysis. Many right-click operations are pre-configured. Those can be easily utilized in various parts of the system to improve analysis even further. A number of predefined and categorized filters are available out of the box and ready to be used by the system operator for ad hoc analysis.

FAQ

What built-in elements are available in Sycope after installation?

Sycope comes with a number of built-in elements, such as predefined analysis scenarios, dashboard groups focused on visibility, performance, and security, and 64 rule templates that are included and updated with each release.

How can I create a unique dashboard in Sycope?

To create a unique dashboard, you can use predefined widgets or the widget creator, which guides you through the necessary steps to visualize specific data.

Are there any tools available for creating unique alert rules in Sycope?

Yes, Sycope offers a rule creator that guides users in creating unique alert rules, providing real data feedback and expectations after rule creation.

What is the purpose of lookups in Sycope?

Lookups are dynamic objects used during visualization, analytics, or deduplication processes. They serve as a foundation for features like interface utilization, name mapping, and network segment grouping to enrich data visualizations.

How does Sycope facilitate data analysis?

Sycope facilitates data analysis by using mappers to present data in a more accessible form, providing right-click operations that are pre-configured, and offering predefined and categorized filters for ad hoc analysis.
