ActiveSOC automatically validates whether low-scoring events (e.g., “User logged in from an unusual location”) are attacks. It helps triage alerts and generates new intelligence from low-scoring events.
Validate alerts before they reach an analyst, reducing the number of alerts an analyst sees
Create new intelligence out of discarded, “below-the-threshold” events
Reduce disruptions such as reimaging the user’s system
Give analysts another response option, empowering an analyst to activate an automated validation process