Description

Once a threat is detected in ArcSight ESM, the incident response team begins a thorough investigation into the extent of the breach. They’ll ask five questions:

  1. What is the compromised device?
  2. Where is it physically and logically located?
  3. Can it access other assets?
  4. Can an untrusted network reach the potential threat?
  5. What are the pathways to these assets?

RedSeal provides all the tools you need to quickly answer these questions.  For example, it provides the OS, applications (services), MAC address, the device’s subnet (e.g., Finance, Sales, Engineering) and the policy group it is part of. It also gives you the switch and port number the device is connected to.

Importantly, RedSeal also provides a list of downstream assets that the compromised device can access. This list is prioritized based on the downstream target’s asset value and the severity of known vulnerabilities that can be exploited. RedSeal also shows you detailed host information for each reachable asset. In addition, you’ll be able to see detailed pathways to these downstream assets, including the firewall rule (or ACL) that is allowing access to these devices.

You’ll also want to know if the compromised host can be accessed from an untrusted network. If it can, it might be connecting to a command and control server, which could be exfiltrating confidential information.  In this case, containment is a high priority and you can use RedSeal’s detailed path information to locate a firewall or ACL that can block access.

Suggested apps

Suggested for you are based on app category, product compatibility, popularity, rating and newness. Some apps may not show based on entitlements. Learn more about entitlements.

Releases

Release
Size
Date
RedSeal App for Incident Investigation 1.0
2.2 KB
  |  
Aug 22, 2017
More info Less info
Product compatibility
ESM
Version 6.8 · 6.9.1 · 6.11.0
Release notes

 RedSeal version(s) 8.5 or later is required.

Languages
English

Resources

Unsubscribe from notifications

You are receiving release updates for this item because you have subscribed to the following products:
If you unsubscribe, you will no longer receive any notifications for these products.
Tip: to update your subscription preferences, go to Manage Subscriptions from your Dashboard, uncheck the products you no longer want to receive notifications for, and click 'Save'.

Marketplace Terms of Service

In order to continue, you must accept the updated Marketplace Terms of Service
Since you are downloading an app from the Micro Focus Marketplace, you need to accept the updated Marketplace Terms of Service before you can continue. Use the link to review the Marketplace Terms of Service. Once complete check the, "I accept the Marketplace Terms of Service" box below and click accept to continue your download.


Your download has begun...

Your download has begun

Related content and resources

Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox

release-rel-2021-2-3-3805 | Wed Feb 24 23:06:24 PST 2021