Skip to main content

Responses are generated using AI and may contain mistakes.

New-Scale Security Operations PlatformNew-Scale Analytics Configuration Guide

Frequently Asked Questions

How can I maintain my New-Scale Analytics Configuration after deployment?

After your deployment is complete, there are several ways you can ensure that your New-Scale Analytics configuration remains up-to-date:

  • If Site Collector is installed, ensure that it remains upgraded to the latest version.

  • When new domains are added to your environment, update the Internal Domains context table, in Context Management, by adding new entries.

  • When new new log sources are onboarded, update the Event Filtering in Log Stream so logs from the new sources will be properly forwarded.

  • Periodically review the Network Zones context table, in Context Management, to ensure it remains up-to-date so that network zone-based detections can be accurately triggered.

  • If filtered context tables are in use to configure Attack Surface Insights rules, periodically review the conditions defined in te filtered context tables, in Context Management, to ensure they remain up-to-date.

  • Ensure that the latest content package is installed for Log Stream.

  • Review release notes when new functionality is made available.

Can I monitor contractor and consultant behavior in my environment?

It is possible to monitor contractors or consultants but it is not a simple out-of-the-box option. There is currently one pre-built Attack Surface Insights rule that looks for an employee_type attribute to be populated with a value of "contractor" but this attribute is not populated by default in Active Directory or Microsoft Entra ID. However, you could follow the steps below to configure New-Scale Analytics to monitor for contractor or consultant behavior:

  1. Create a filtered context table called Contractors, in Context Management, with this condition defined: title contains Contractor

  2. Create an Attack Surface Insights user rule called Contractors with the tag: Contractor

  3. Link the Attack Surface Insights rule to the Contractors filtered context table in Context Management with a condition like this defined: employee_type in "Contractors" . "Title"