
Threat Detection Management Guide


Welcome to Threat Detection Management

Manage detection rules with Threat Detection Management.

Threat Detection Management is a unified interface for creating, testing, and tuning detections across all engines that streamlines the way security engineers handle detection rules. By centralizing detection content, Threat Detection Management ensures that security analysts receive accurate, high-fidelity alerts with minimal noise.

With a single interface, security teams can easily adjust and refine detection criteria, implement exclusion rules, and tune any detection rule regardless of the engine. This holistic approach empowers security engineers to enhance detection accuracy, maximize efficiency, and ultimately provide better protection for their organization.

[Figure: tdm-architecture.png, Threat Detection Management architecture diagram]

The Threat Detection Management app is one of many available to you on the New-Scale Security Operations Platform. The app interacts with the following services and apps:

  • Security content – Threat detection rules are delivered regularly to the Threat Detection Management app through security content packages. Rules are either analytics-based or correlation-based. Analytics rules are delivered by Exabeam threat researchers and are tunable through exclusions. Correlation rules are likewise delivered by Exabeam threat researchers, and they can also serve as templates for defining your own rules.

  • Analytics engine – The cloud-native analytics engine is a behavior-adaptive, multi-domain engine that applies statistical analysis to your SIEM data. The analytics engine then evaluates threat detection rules to raise and prioritize alerts and cases.

  • Threat Center – Threat Center is the hub on the New-Scale Security Operations Platform for threat detection, investigation, and response (TDIR). It centralizes all detections, alerts, and cases so you can efficiently triage and respond to potential threats with a streamlined workflow. Alerts and cases are raised based on the threat detection rules in your Threat Detection Management app.

  • Attack Surface Insights – Helps identify and manage critical assets in your organization by adjusting security criticality and asset ratings, which directly influence threat scoring and alert prioritization.

  • Context Management – Enriches event data by adding contextual information such as user attributes and IP addresses. This context refines correlation rules and threat scoring, producing more accurate and focused security alerts.