Endpoint Threat Detection

To increase the security of Microsoft systems, SGBox can collect specific information from endpoints, where most targeted attacks are concentrated. SGBox provides a number of specific out-of-the-box correlation rules and dashboards to detect threats and generate automated responses to mitigate the risk of a data breach.

Identify Privileged Account Abuse

SGBox Agent

SGBox Agent allows you to monitor and track system activities by saving them in the Windows event log. The data collected by the service increases Windows audit capabilities, allowing you to gather detailed information about processes and network traffic (such as DNS queries sent by an application).

Attack Techniques

SGBox maps possible attack techniques to the Tactics, Techniques and Procedures (TTPs) of the MITRE ATT&CK framework. ATT&CK catalogues the modus operandi of attackers starting from real cases and defines a common terminology that is widespread in many security products (including EDRs).

Rapidly Eliminate Threats

Integrated response capabilities eliminate threats to trusted states with the SGBox correlation engine.
