Entity Collection Overview

Feb 16, 2023

The tempo of information security keeps increasing. We continue to chase quicker detections and faster responses. But does that match reality? Troves of data are ingested at wire speed, with filtering, comparison, correlation, identification, and other transform operations applied throughout the event lifecycle.

This comes with an increased risk of missed events and alerts, log activity from various origins that cannot be told apart, and the potential for analysis paralysis, desensitization, and burnout.

What about pushing that slightly to the left and having the application or platform generate that data for you? Essentially, providing a higher signal against the typical noise.

The Entity Collection provides:
1) Succinct summaries of valuable information to quickly answer the following questions (and more!):

  • What types of devices are on my network?
  • What services are available on my network?
  • What users have been seen in the past X timeframe?

2) A foundation of actionable data:
In the entity collection, many of the salient data points analysts, engineers, and responders are already familiar with are summarized into easily searchable events.

3) Complements existing Corelight visibility:
The full suite of network telemetry still exists; in addition, the product provides succinct snapshots of information, with a bit of correlation already completed, on 15-minute boundaries.

4) Faster insight into asset profiling and application identification:
Easily identifying the software applications running on a network provides helpful context to security analysts.

5) Building block for future opportunities:

  • Incorporating additional detection techniques based upon this collection
  • Assessing known entity behaviors across periods of time
  • Performing additional analysis on those entities for deeper insight
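To make the idea of 15-minute entity snapshots concrete, here is an added example (not Corelight's Entity Collection implementation and not code from the original post). It rolls constructed Zeek-style `conn.log` and `kerberos.log` records into one summary event per host per 15-minute window, then answers two of the questions above from those summaries. The log lines, hosts, and user names are constructed for illustration; the field names follow Zeek's, and the `RESPONDED_STATES` filter is an assumption about which `conn_state` values should count as a live service.

```python
"""Windowed entity summaries from Zeek-style logs.

Added example: it is not Corelight's Entity Collection implementation, only a
toy showing how connection and authentication records can be rolled up into
per-entity snapshots on 15-minute boundaries. Field names follow Zeek's
conn.log and kerberos.log; the records themselves are constructed.
"""
import json
from collections import defaultdict

WINDOW_SECONDS = 15 * 60  # 15-minute boundaries, as the post describes

# Zeek conn_state values in which the responder actually answered. S0 (SYN with
# no reply) and REJ are left out so a port scan does not register as a service.
# Which states to include is an assumption for this example.
RESPONDED_STATES = {"SF", "S1", "S2", "S3", "RSTO", "RSTR"}

# Constructed sample records (not real traffic, not Corelight output).
SAMPLE_LOG_LINES = [
    '{"_path":"conn","ts":1676556000.0,"id.orig_h":"10.0.0.5","id.resp_h":"10.0.0.10","id.resp_p":445,"proto":"tcp","service":"smb","conn_state":"SF"}',
    '{"_path":"conn","ts":1676556120.0,"id.orig_h":"10.0.0.6","id.resp_h":"10.0.0.10","id.resp_p":445,"proto":"tcp","service":"smb","conn_state":"SF"}',
    '{"_path":"conn","ts":1676556300.0,"id.orig_h":"10.0.0.5","id.resp_h":"10.0.0.10","id.resp_p":3389,"proto":"tcp","service":"-","conn_state":"S0"}',
    '{"_path":"conn","ts":1676556400.0,"id.orig_h":"10.0.0.7","id.resp_h":"10.0.0.20","id.resp_p":53,"proto":"udp","service":"dns","conn_state":"SF"}',
    '{"_path":"kerberos","ts":1676556010.0,"id.orig_h":"10.0.0.5","id.resp_h":"10.0.0.1","client":"alice/CORP.EXAMPLE","service":"krbtgt/CORP.EXAMPLE","success":true}',
    '{"_path":"kerberos","ts":1676556905.0,"id.orig_h":"10.0.0.5","id.resp_h":"10.0.0.1","client":"bob/CORP.EXAMPLE","service":"krbtgt/CORP.EXAMPLE","success":true}',
]


def window_start(ts):
    """Floor a timestamp to the start of its 15-minute window."""
    return int(ts) - int(ts) % WINDOW_SECONDS


def _new_entity():
    return {"services": set(), "users": set(), "peers": set(),
            "conns": 0, "unanswered": 0}


def summarize(lines):
    """Roll JSON log lines up into {(window_start, host): facts}."""
    table = defaultdict(_new_entity)
    for line in lines:
        rec = json.loads(line)
        w = window_start(rec["ts"])
        if rec["_path"] == "conn":
            orig, resp = rec["id.orig_h"], rec["id.resp_h"]
            # Both endpoints were "seen" in this window; remember who talked to whom.
            for host, peer in ((orig, resp), (resp, orig)):
                entity = table[(w, host)]
                entity["conns"] += 1
                entity["peers"].add(peer)
            label = f'{rec["proto"]}/{rec["id.resp_p"]}'
            if rec.get("service", "-") != "-":
                label += "/" + rec["service"]
            if rec["conn_state"] in RESPONDED_STATES:
                table[(w, resp)]["services"].add(label)   # a service really answered
            else:
                table[(w, resp)]["unanswered"] += 1       # probe/scan, not a service
        elif rec["_path"] == "kerberos" and rec.get("success"):
            # A successful AS/TGS exchange ties a principal to the client host.
            table[(w, rec["id.orig_h"])]["users"].add(rec["client"])
    return table


def to_events(table):
    """Flatten the table into searchable, JSON-ready summary events."""
    events = []
    for (w, host), facts in sorted(table.items()):
        events.append({
            "window_start": w,
            "window_end": w + WINDOW_SECONDS,
            "entity": host,
            "services": sorted(facts["services"]),
            "users": sorted(facts["users"]),
            "peers": sorted(facts["peers"]),
            "conns": facts["conns"],
            "unanswered": facts["unanswered"],
        })
    return events


def services_seen(events):
    """'What services are available on my network?'"""
    return sorted({f'{e["entity"]} {s}' for e in events for s in e["services"]})


def users_seen(events, since_ts):
    """'What users have been seen since since_ts?' (windows starting at or after it)"""
    return sorted({u for e in events if e["window_start"] >= since_ts
                   for u in e["users"]})


if __name__ == "__main__":
    for ev in to_events(summarize(SAMPLE_LOG_LINES)):
        print(json.dumps(ev))
```

Note how the RDP attempt against 10.0.0.10 (`conn_state` S0) lands in `unanswered` rather than in `services`: a summary that counted every SYN as a listening port would turn a scan into phantom assets, which is exactly the kind of noise the snapshots are meant to remove.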

