Content packs let you manage a combination of rules with easy classification and search, and analyze huge volumes of logs to detect threats in your enterprise IT infrastructure.
Packs let you define, customize and combine your own rules to detect complex threats in highly complicated environments. The resulting packs are intellectual property of the organization, which can commercialize them at enterprise level.
By default, only the base pack is available in the account; you can add further packs based on the subscriptions you hold. Examples of packs are AWS, Office 365, Active Directory and Exploit.
Configuring Content Packs
The Content Packs page helps you search all packs by pack type and quickly enable, disable, edit, and delete packs.
User Permissions Required: A Publisher in any of these categories - Domain, Organization or Tenant - can create packs.
To configure a Pack,
- Navigate to Configurations --> Chronicle CMS in the left menu
- Click the Content Packs tile
- From the Packs listing page, click + Add Pack in the top right corner
- In the Rule creation form, enter the Pack Name and add Rules
- Enter the Company Name and Company Type
- Auto Update is enabled by default
- Click Save
Note: When Auto Update is enabled at domain level, a pack is published to the organization and tenant levels. You can enable or disable Auto Update at any lower level after publishing a pack. For example, if you disable Auto Update at organization level, changes to the pack are not sent to tenant level.
Publishing Content Packs
User Permissions Required: A Publisher in any of these categories - Domain, Organization or Tenant - can publish packs.
To publish a pack,
- Navigate to Configurations --> Chronicle CMS in the left menu
- Click the Content Packs tile
- From the Packs listing page, click one of the following options:
  - Publish to All: The pack and its associated rules are published to all users in each category - Domain, Organization, and Tenant.
  - Publish to Selected: The pack and its associated rules are published only to selected users in each category - Domain, Organization, and Tenant.
Note: After a pack is published at domain level, the pack name and rules are not editable at organization and tenant level.
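The two notes above (Auto Update propagation down the Domain, Organization and Tenant levels, and the read-only state of a pack at lower levels once it is published from domain level) describe behaviour that is easy to misread. The following model is an added illustration written for this page, not the product's own code: the level order, the `Pack`, `Level` and `PackHierarchy` classes, and the reading that each level forwards changes downward only while its own Auto Update flag is enabled are all assumptions made to make the rules concrete.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Assumed hierarchy order, top to bottom, taken from the page's three categories.
LEVELS = ("domain", "organization", "tenant")


@dataclass
class Pack:
    name: str
    rules: list[str]
    version: int = 1


@dataclass
class Level:
    name: str
    auto_update: bool = True                      # enabled by default, as on the page
    packs: dict[str, Pack] = field(default_factory=dict)


class PackHierarchy:
    """Hypothetical model of pack publishing and Auto Update propagation."""

    def __init__(self) -> None:
        self.levels = {name: Level(name) for name in LEVELS}
        self.published_from_domain: set[str] = set()

    def publish(self, pack: Pack) -> None:
        """Publish a domain-level pack to every lower level (the 'Publish to All' case)."""
        for level in self.levels.values():
            level.packs[pack.name] = Pack(pack.name, list(pack.rules), pack.version)
        self.published_from_domain.add(pack.name)

    def update_at_domain(self, name: str, rules: list[str]) -> list[str]:
        """Change a pack at domain level and push the change downward.

        Assumed reading of the note: a level forwards changes to the level
        below it only while its own Auto Update flag is enabled, so disabling
        Auto Update at organization level stops the tenant level from
        receiving changes. Returns the names of the levels that got the change.
        """
        pack = self.levels["domain"].packs[name]
        pack.rules = list(rules)
        pack.version += 1
        reached = ["domain"]
        for upper, lower in zip(LEVELS, LEVELS[1:]):
            if not self.levels[upper].auto_update:
                break  # nothing below this level sees the change
            self.levels[lower].packs[name] = Pack(name, list(pack.rules), pack.version)
            reached.append(lower)
        return reached

    def edit_rules(self, level: str, name: str, rules: list[str]) -> None:
        """Edit a pack's rules at a given level.

        Once a pack has been published from domain level, its name and rules
        are read-only at organization and tenant level.
        """
        if level != "domain" and name in self.published_from_domain:
            raise PermissionError(
                f"{name!r} was published from domain; rules are not editable at {level} level"
            )
        self.levels[level].packs[name].rules = list(rules)


if __name__ == "__main__":
    # Constructed walk-through: publish, update with all flags on, then
    # switch Auto Update off at organization level and update again.
    h = PackHierarchy()
    h.publish(Pack("aws", ["r1"]))
    print(h.update_at_domain("aws", ["r1", "r2"]))   # all three levels
    h.levels["organization"].auto_update = False
    print(h.update_at_domain("aws", ["r3"]))         # stops at organization
    print(h.levels["tenant"].packs["aws"].rules)     # tenant keeps the old rules
```

The chained check in `update_at_domain` is the point of the model: turning Auto Update off at one level leaves that level with whatever it last received and silently freezes everything beneath it, so a tenant-level reviewer who expects fresh detection rules should confirm the flag at every level above, not only their own.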
Finding Content Packs
The free text search filters content packs by text in the Pack Name, Company Name, or Company Type. There is no Search button.
Filtering Content Packs
The content packs can be filtered by the following entities:

Filter | Description |
---|---|
Tags | Keywords added to a pack, such as tactics, techniques, malware and similar information associated with the pack |
Name | Name of a pack |
Company Name | Name of the organization that the user belongs to |
Assigned To | The personnel assigned to a pack |
Comments | Notes added by users |
Created On | The date and time at which the pack was first created |
Created By | The person who created the pack |
Last Updated By | The person who most recently updated the pack |
Last Updated On | The time of the last update to a pack |
Auto Update | Whether Auto Update is enabled or disabled for the pack |
Rule (Rule List) | Rules contained in the pack; a list of rules is shown in the filter |
Updates Available | Whether new changes are available for the pack |
Company (Company List) | The organization that a pack belongs to |

You can add multiple filters and click Apply to filter by your chosen entities.
To remove a specific filter, click the X to the right of it. To reset the content packs page to its default filters, click Filter --> Clear Filters.
Sorting Content Packs
The packs feed lists all content packs (Published, Publishing and Draft) on the listing page after they are created or published. You can sort the packs by the following options.

Item | Description |
---|---|
Last Modified On | Date and time of the last change to a pack |
Company Name | Name of the company from which the user is logged on |
Name | The name given to a pack |
Most Used | Packs used by the most users |
Created On | Date and time when a pack was first created |
Company Type | The type that a company belongs to |

To rearrange the content packs in descending or ascending order, click the corresponding sort icon.
To show or hide the left side menu, click the three dots at the top right corner of the screen and select Toggle Sidebar.
To share a URL, click the three dots at the top right corner of the screen and select Share URL.