Solutions | TruContext Capabilities

TruContext™ Capabilities

Visualize Real Time Events

Every event happens at a point or duration in time. Successful investigations need to understand how those events unfold, and how they’re linked. With TruTime, our interactive timeline feature, you can quickly see when something happened, allowing further investigation into what changed at that specific point in time.

The Analysis Dashboard

With TruContext™,  you can point, click, and submit automated queries. Code Editor can be used if you know cypher query language and want a different structure.

Threat Hunting and Threat Detection

VULNERABILITIES

  • Dive deep into vulnerabilities and display everything that is connected to identify it as a potential risk
  • The table view displays the properties of the identified CVE vulnerability as identified by the MITRE reference database which will enable you to take immediate action on that CVE

EXPLOITS

  • Dive deep into Exploits and display everything that is connected to identify it as a potential risk
  • The table view displays the properties of the identified Exploits as identified by the MITRE reference database which will enable you to take immediate action on that CVE

COMMON VULNERABILITY SCORING SYSTEM (CVSS)

  • Dive deep into CVSS and display everything that is connected to identify risk scores
  • The table view displays the properties of the identified CVSS

COMMON WEAKNESS ENUMERATION (CWE™)

  • The main goal of CWE is to stop vulnerabilities at the source by educating software and hardware architects, designers, programmers, and acquirers on how to eliminate the most common mistakes before products are delivered. Ultimately, use of CWE helps prevent the kinds of security vulnerabilities that have plagued the software and hardware industries and put enterprises at risk.

EXTERNAL ENTRY

  • Identify external entries into your network via databases which would allow remote attackers to gain access to critical data

Incident Response

FILTERING

From the selected view we can filter based on the following:
  • API-Source  STATUS
  • CPU
  • CPUNUM
  • CPUPCT
  • DEVICE TYPE
  • INTERFACE
  • IP
  • MAC
  • OS
  • Name
  • UID
  • STATUS
  • SUBNET
  • ShowName
  • Total Mem
  • TZ
  • Type
  • Agent
  • Group
  • ID
  • Properties
  • None

GROUPING

  • By grouping our TCI’s, TruContext™ can isolate and combine the view of CVE’s which will result in a much faster incident response.
  • Each of the group types are able to be expanded to show you all TCI’s in the group.

API FILTERING

  • When ingesting data from multiple sources, such as PCAP, Tenable, Splunk or Datadog, we can filter the data on specific API data or view all data in a complete overlay of all ingested data.

OS FILTERING

  • Ingested data can be filtered by operating systems so that you can respond to incidents identified that are affecting specific Operating Systems, rather than try to diagnose unaffected systems, saving countless man hours.

SUBNET FILTERING

  • Ingested data can be filtered by subnets allowing you to identify if a specific threat is confined to one or multiple subnets.
  • Identifying the infected subnet will also allow you to quickly isolate the subnet and prevent further attacks, identify external entry points and more.

FAQs

There are many definitions of vulnerability. Here is a list of definitions from various cybersecurity authorities.

  • National Institute of Standards and Technology (NIST): Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
  • ISO 27005: A weakness of an asset or group of assets that can be exploited by one or more cyber threats where an asset is anything that has value to the organization, its business operations and their continuity, including information resources that support the organization’s mission.
  • IETF RFC 4949: A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy.
  • ENISA: The existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the computer system, network, application, or protocol involved.
  • The Open Group: The probability that threat capability exceeds the ability to resist the threat.
  • Factor Analysis of Information Risk: The probability that an asset will be unable to resist the actions of a threat agent.
  • ISACA: A weakness in design, implementation, operation or internal control.
  • A zero-day exploit (or zero-day) exploits a zero-day vulnerability. A zero-day (or 0-day) vulnerability is a vulnerability that is unknown to, or unaddressed by, those who want to patch the vulnerability.
  • Until the vulnerability is patched, attackers can exploit it to adversely affect a computer program, data warehouse, computer or network.
  • “Day Zero” is the day when the interested party learns of the vulnerability, leading to a patch or workaround to avoid exploitation.
  • The key thing to understand is the fewer days since Day Zero, the higher likelihood that no patch or mitigation has been developed and the higher the risk of a successful attack.
  • The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
  • CVSS is a published standard used by organizations worldwide, and the SIG’s mission is to continue to improve it.
  • Common Weakness Enumeration (CWE™) is a community-developed list of common software and hardware weakness types that have security ramifications. “Weaknesses” are flaws, faults, bugs, or other errors in software or hardware implementation, code, design, or architecture that if left unaddressed could result in systems, networks, or hardware being vulnerable to attack. The CWE List and associated classification taxonomy serve as a language that can be used to identify and describe these weaknesses in terms of CWEs.

Get TruContext™