Skip to main content

New-Scale Security Operations PlatformNew-Scale Analytics Configuration Guide

Table of ContentsTable of Contents

Introduction
- Overview of Steps
- Prerequisites
Required Configuration Steps
Best Practice Configuration Steps
- Step 5 - Configure Network Zones (Best Practice)
- Step 6 - Configure Attack Surface Insights Rules (Best Practice)
Frequently Asked Questions
- How can I maintain my New-Scale Analytics Configuration after deployment?
- Can I monitor contractor and consultant behavior in my environment?

Required Configuration Steps

The chart below lists the configuration steps that are required in order for New-Scale Analytics to begin the work of detecting and analyzing anomalous behaviors. Follow the links to detailed instructions.

Step	Component for Setup	Description
Step1 - Configure the Internal Domains Context Table	Context Management → Internal Domains table	Populate the Internal Domains context table with your organization's internal domains to prevent them from being monitored as external domains.
Step 2 - Route Events to the New-Scale Analytics Engine	Log Stream → Event Filtering tab	Define an event filter and route events to the New-Scale Analytics engine in order to process against baseline behavior and to detect anomalies.
Step 3 - Review Events Being Forwarded to Attack Surface Insights	Log Stream → Event Filtering tab	Define an event filter and route events to Attack Surface Insights in order to merge common identities across entities.
Step 4 - Start the New-Scale Analytics Engine	Threat Detection Management	Enable the analytics rules in Threat Detection Manager and begin training the New-Scale Analytics engine to process events against baseline behavior and to detect anomalies.