Overview of Steps
The chart below provides information about each of the steps included in the New-Scale Analytics configuration process:
| Step | Component for Setup | Description |
|---|---|---|
| | Context Management → Internal Domains table | Populate the Internal Domains context table with your organization's internal domains to prevent them from being monitored as external domains. |
| | Log Stream → Event Filtering tab | Define an event filter and route events to the New-Scale Analytics engine in order to process against baseline behavior and to detect anomalies. |
| | Log Stream → Event Filtering tab | Define an event filter and route events to Attack Surface Insights in order to merge common identities across entities. |
| | Context Management | Create the filtered context tables that are necessary to support certain enrichment rules in Log Stream. |
| | Threat Detection Management | Enable the analytics rules in Threat Detection Manager and begin training the New-Scale Analytics engine to process events against baseline behavior and to detect anomalies. |
| | Context Management → Network Zones table | Populate the Network Zones context table with a list of network zone CIDR ranges and associated names in your environment. |
| | Attack Surface Insights | Configure the Attack Surface Insights rules that are required to unlock pre-built, tag-specific use cases in your environment. |