New-Scale Security Operations Platform: New-Scale Analytics Configuration Guide

Overview of Steps

The table below describes each step in the New-Scale Analytics configuration process:

| Step | Component for Setup | Description |
| --- | --- | --- |
| 1. Configure the Internal Domains Context Table | Context Management → Internal Domains table | Populate the Internal Domains context table with your organization's internal domains to prevent them from being monitored as external domains. |
| 2. Route Events to New-Scale Analytics | Log Stream → Event Filtering tab | Define an event filter and route events to the New-Scale Analytics engine in order to process against baseline behavior and to detect anomalies. |
| 3. Route Events to Attack Surface Insights | Log Stream → Event Filtering tab | Define an event filter and route events to Attack Surface Insights in order to merge common identities across entities. |
| 4. Create Filtered Context Tables for Enrichment | Context Management | Create the filtered context tables that are necessary to support certain enrichment rules in Log Stream. |
| 5. Start the New-Scale Analytics Engine | Threat Detection Management | Enable the analytics rules in Threat Detection Manager and begin training the New-Scale Analytics engine to process events against baseline behavior and to detect anomalies. |
| 6. Configure Network Zones (Best Practice) | Context Management → Network Zones table | Populate the Network Zones context table with a list of network zone CIDR ranges and associated names in your environment. |
| 7. Configure Attack Surface Insights Rules (Best Practice) | Attack Surface Insights | Configure the Attack Surface Insights rules that are required to unlock pre-built, tag-specific use cases in your environment. |