To increase the security of Microsoft systems, SGBox can collect specific information from endpoints, where most targeted attacks are concentrated. SGBox provides a number of out-of-the-box correlation rules and dashboards to detect threats and generate automated responses that mitigate the risk of a data breach.
Identify Privileged Account Abuse
SGBox Agent allows you to monitor and track system activities by saving them in the Windows event log. The data collected by the service increases Windows audit capabilities, allowing you to gather detailed information about processes and network traffic (such as DNS queries sent by an application).
SGBox maps possible attack techniques to the Tactics, Techniques and Procedures (TTPs) of the MITRE ATT&CK framework. ATT&CK catalogues the modus operandi of attackers based on real cases and defines a common terminology that is widespread in many security products (including EDRs).
Integrated response capabilities use the SGBox correlation engine to eliminate threats to trusted states.