Frequently Asked Questions
How can I maintain my New-Scale Analytics Configuration after deployment?
After your deployment is complete, there are several ways you can ensure that your New-Scale Analytics configuration remains up-to-date:
If Site Collector is installed, ensure that it remains upgraded to the latest version.
When new domains are added to your environment, update the Internal Domains context table, in Context Management, by adding new entries.
When new log sources are onboarded, update the Event Filtering in Log Stream so logs from the new sources will be properly forwarded.
Periodically review the Network Zones context table, in Context Management, to ensure it remains up-to-date so that network zone-based detections can be accurately triggered.
If filtered context tables are in use to configure Attack Surface Insights rules, periodically review the conditions defined in the filtered context tables, in Context Management, to ensure they remain up-to-date.
Ensure that the latest content package is installed for Log Stream.
Review release notes when new functionality is made available.
Can I monitor contractor and consultant behavior in my environment?
It is possible to monitor contractors or consultants, but it is not a simple out-of-the-box option. There is currently one pre-built Attack Surface Insights rule that looks for an employee_type attribute to be populated with a value of "contractor", but this attribute is not populated by default in Active Directory or Microsoft Entra ID. However, you could follow the steps below to configure New-Scale Analytics to monitor for contractor or consultant behavior:
Create a filtered context table called Contractors, in Context Management, with this condition defined:
title contains Contractor
Create an Attack Surface Insights user rule called Contractors with the tag:
Contractor
Link the Attack Surface Insights rule to the Contractors filtered context table in Context Management with a condition like this defined:
employee_type in "Contractors" . "Title"