See beyond the alert name
While many tools simply give a high-level overview of attacks or violations, they are missing out on vital information. CS Threat Assessment applies directionality to security alerts to produce threat vectors that show the structure and timeline of a compromise or attack. See when it happened, where it came from, who was the target, and how and whether it propagated.
The truth is in the packets
CS Threat Assessment makes it easy to drill down from a high-level alert all the way through the HTTP stream and even to the individual packet that triggered it. Compare stream data side-by-side with the IDS rule criteria, making classification of alerts fast and easy.
Find root cause faster and share your analysis
CloudShark lets you easily collaborate with anyone to get to the bottom of an attack or anomaly. View a stream, filter out the offending packets, and share exactly what you’re looking at with colleagues and experts. It even pulls detailed reference information out of alerts for you to continue your malware research.
Pivot to Zeek
Pivot from an alert right to the Zeek logs with help from the community-id field for every alert. Move from Suricata to Zeek to continue gathering evidence, or run more advanced custom scripts.
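To show how the community-id pivot described above works under the hood, here is an added Python example (not CloudShark's, Suricata's or Zeek's own code) that computes Community ID v1 for a TCP/UDP/SCTP 5-tuple and uses it to join a Suricata eve.json alert to Zeek conn.log entries; it goes slightly beyond the page by recomputing the ID from Zeek's id.* fields, so the join works even when conn.log was not configured to log the field. The alert and conn records are constructed sample data, and the conn.log entries are assumed to be in Zeek's JSON output format.

```python
import base64
import hashlib
import ipaddress
import json
import struct

PROTO_NUM = {"tcp": 6, "udp": 17, "sctp": 132}  # IANA numbers for Zeek's proto field

def community_id_v1(saddr, sport, daddr, dport, proto, seed=0):
    """Community ID v1 for a TCP/UDP/SCTP 5-tuple (the ICMP type/code mapping is omitted)."""
    src = ipaddress.ip_address(saddr).packed
    dst = ipaddress.ip_address(daddr).packed
    # Canonical ordering: lower address first, port as tie-break, so both directions
    # of a flow (and both Suricata and Zeek) hash to the same ID.
    if (src, sport) > (dst, dport):
        src, dst, sport, dport = dst, src, dport, sport
    data = struct.pack("!H", seed) + src + dst + struct.pack("!BBHH", proto, 0, sport, dport)
    return "1:" + base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")

def pivot_to_zeek(alert_line, conn_lines, seed=0):
    """Return the uids of Zeek conn.log (JSON) entries whose 5-tuple matches the alert's
    community_id. The ID is recomputed from the id.* fields, so conn.log need not carry it."""
    alert = json.loads(alert_line)
    hits = []
    for line in conn_lines:
        conn = json.loads(line)
        cid = community_id_v1(conn["id.orig_h"], conn["id.orig_p"],
                              conn["id.resp_h"], conn["id.resp_p"],
                              PROTO_NUM[conn["proto"]], seed)
        if cid == alert["community_id"]:
            hits.append(conn["uid"])
    return hits

# Constructed sample data (not real traffic): one Suricata eve.json alert, two Zeek conn entries.
SURICATA_ALERT = json.dumps({
    "event_type": "alert", "proto": "TCP",
    "src_ip": "10.0.0.5", "src_port": 49152, "dest_ip": "203.0.113.7", "dest_port": 80,
    "community_id": community_id_v1("10.0.0.5", 49152, "203.0.113.7", 80, 6),
    "alert": {"signature": "CONSTRUCTED example signature"},
})
ZEEK_CONN = [
    json.dumps({"uid": "CONSTRUCTEDuid1", "id.orig_h": "10.0.0.5", "id.orig_p": 49152,
                "id.resp_h": "203.0.113.7", "id.resp_p": 80, "proto": "tcp"}),
    json.dumps({"uid": "CONSTRUCTEDuid2", "id.orig_h": "10.0.0.5", "id.orig_p": 49153,
                "id.resp_h": "203.0.113.7", "id.resp_p": 443, "proto": "tcp"}),
]

if __name__ == "__main__":
    print(pivot_to_zeek(SURICATA_ALERT, ZEEK_CONN))
```

Both tools must use the same seed (default 0) for the IDs to line up; a seed mismatch silently yields no matches.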