CyCraft Configuration (Carbanak+FIN7)
Product Versions
- Xensor Server 1.5.0.057
- Xensor Engine (Windows): 7.6.57
- Xensor Agent (Windows): 1.6.31.52863
- Xensor Engine (Linux): 0.38.14
- Xensor Agent (Linux): 8.24.19
- CyCarrier: 1.15.5
- NGAV Pattern: 7.86150
Product Description
CyCraft AIR solves security for large/medium/small organizations through its continuous organization-wide, automated, AI-driven forensics to deliver Fast/Accurate/Simple/Thorough Endpoint Detection and Response (EDR), Network Detection and Response (NDR), Managed Detection and Response (MDR), Incident Response (IR), Compromise Assessment (CA), SOC Ops solutions, and Cyber Health Score.
CyCraft AIR blocks known malicious artifacts/behavior and automates response for unknown and suspicious artifacts/behavior to give you:
Complete Understanding of Your Security Situation
- True organization-wide root cause analysis in minutes for suspicious activity
- Complete organization-wide storylines for incidents in minutes
- Continuous proactive global threat intelligence-driven and AI-driven threat hunting
- NGAV blocking & containment
- Actionable reporting, showing you how to remediate any incident step-by-step
- Breach protection
- Xensor Agents/Engines on Windows/macOS/Linux endpoints (cloud/on-prem/hybrid) perform continuous NGAV prevention for known bads, and forensic scanning to investigate unknown suspicious and anomalous artifacts/behavior. Xensor Agents continuously produce and transmit forensic metadata to Xensor Server.
- Xensor Server manages/updates endpoints and Xensor Agents, provides remediation, and consolidates data for CyCarrier.
- CyCarrier reads the forensic metadata from Xensor Server and combines it with global threat intelligence to perform site-wide AI analysis, automating investigations and rapidly producing threat hunting and site-wide attack situation reports that drive remediation.
Product Configuration
- Scan Settings: Default
- Scan Optimization: Enable All
- NGAV: Detect mode (Detection Day), Block mode (Protection Day)