Skip to main content

New-Scale Security Operations PlatformNew-Scale Analytics Configuration Guide

Table of ContentsTable of Contents

Introduction
- Overview of Steps
- Prerequisites
Required Configuration Steps
Best Practice Configuration Steps
- Step 6 - Configure Network Zones (Best Practice)
- Step 7 - Configure Attack Surface Insights Rules (Best Practice)
Frequently Asked Questions
- How can I maintain my New-Scale Analytics Configuration after deployment?
- Can I monitor contractor and consultant behavior in my environment?

Required Configuration Steps

The chart below lists the configuration steps that are required in order for New-Scale Analytics to begin the work of detecting and analyzing anomalous behaviors. Follow the links to detailed instructions.

Step	Component for Setup	Description
1. Configure the Internal Domains Context Table	Context Management → Internal Domains table	Populate the Internal Domains context table with your organization's internal domains to prevent them from being monitored as external domains.
2. Route Events to New-Scale Analytics	Log Stream → Event Filtering tab	Define an event filter and route events to the New-Scale Analytics engine in order to process against baseline behavior and to detect anomalies.
3. Route Events to Attack Surface Insights	Log Stream → Event Filtering tab	Define an event filter and route events to Attack Surface Insights in order to merge common identities across entities.
4. Create Filtered Context Tables for Enrichment	Context Management	Create the filtered context tables that are necessary to support certain enrichment rules in Log Stream.
5. Start the New-Scale Analytics Engine	Threat Detection Management	Enable the analytics rules in Threat Detection Manager and begin training the New-Scale Analytics engine to process events against baseline behavior and to detect anomalies.