Agentic NDR Detection Capability Published
Through security events, security alerts, and ATT&CK matrices, this capability enables threat detection and analysis during an incident, as well as post-incident tracing and handling.
Content
Applicable customers: Suitable for complex scenarios such as APT attacks, major event support, and sensitive data protection.
New Feature/Specification:
1. The ATT&CK Matrix maps attack techniques and tactics based on the MITRE framework, visually rendering intrusion paths and attack phases.
2. The intelligent event capability automatically aggregates and generates attack event reports using large language models, enabling one-click handling by linking traceability graphs with entity views.
3. The alerting module integrates multiple engines, including intrusion detection, threat intelligence, sandbox, and behavior analytics. It supports payload decoding, PCAP backtracking, and AI interpretation, significantly reducing false positives and improving analysis efficiency.