Skip to content

Console

DEFEND Console

The Console is the home of DEFEND where you can see exactly what alerts have been fired, the investigation work the FoxTech Defenders have carried out and any tasks waiting for you to complete.

  • New Case - Create a New Case independent of an Alert.
  • My Tasks - A list of all your Tasks.
  • Waiting Tasks - Tasks waiting for someone to take ownership.
  • Alerts - Alerts generated by the SIEM.
  • Dashboards - Some visual displays of Alerts and Cases to aid with analysis and reporting.
  • Search - The Search screen is a more comprehensive search environment covering Cases, Tasks, Task Logs, Observables, Alerts and Analyser Jobs.
  • Search by CaseID
    • A quick search option when the Case ID number is known.
  • Organisation
    • An Admin-specific menu option showing Case templates for the current Organisation as well as any links to other Organisations.
  • User Profile
    • Allows the user to update their name and profile picture.
  • Switch Organisation
    • Allows Administrators to switch between multiple Organisations.
  • Selected Cases - Drop-down menu for making changes across multiple selected Cases
  • Quick Filter - Some useful filters for listing Cases
  • Sort By - A variety of sort options
  • Custom Fields - Toggle any Custom Fields
  • Stats - Toggle the Stats section
  • Filters - Toggle the Filters section

Stats

  • Visual charts/tables showing Status, Resolution and Top 5 Tags to aid with the quick filtering of Alerts and Cases

Filters

  • Search terms that can be combined to target specific Cases/Alerts or Tasks

Main Area

The main display area for the various sections within Defend, the various highlighted Tags as well as Dates can be selected for additional filtering of Cases and Alerts.

Live Stream

  • A live contextual feed showing a history of updates on Cases and Tasks