Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Daspren: add documentation for Daspren Parad #1854

Merged
merged 1 commit into from
Jul 1, 2024
Merged

Daspren: add documentation for Daspren Parad #1854

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
46 changes: 46 additions & 0 deletions docs/xdr/features/collect/integrations/endpoint/daspren_parad.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
uuid: 23813540-b658-48dd-b030-e9b92168bbf4
name: Daspren Parad
type: intake

## Overview

Daspren is the only Data Detection and Response (DDR) that integrates detection and blocking of cyber attacks.
Daspren goes deep, using our patented data-centric AI to meticulously dissect and analyze every data access. It seamlessly intercepts and scrutinizes these access requests, ensuring that only legitimate, authorized applications can access your data, keeping it secure and protected.

!!! warning
Important note - This format is currently in beta. We highly value your feedback to improve its performance.

Parad is the data protection solution from Daspren. It monitors data activity and use AI to prevent data breaches coming from both the inside and the outside of your organization :

- File created, opened, deleted, moved or modified,
- Access rules breach attempts,
- Malicious processes detected.

## Supported events

This integration supports the following events:

- File monitoring events
- Malicious detection events

{!_shared_content/operations_center/detection/generated/suggested_rules_23813540-b658-48dd-b030-e9b92168bbf4_do_not_edit_manually.md!}

{!_shared_content/operations_center/integrations/generated/23813540-b658-48dd-b030-e9b92168bbf4.md!}

## Configure

### Create the intake

Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format `Daspren - Parad`. Copy the intake key.

### Setup a Sink

To set up the integration:

1. Open the Parad CLI
2. Create a Sink from the CLI
1. Go to `Sinks > Add Sink`
2. Select the Sekoia Sink Variant
3. Type a name and paste the intake key
3. Create a Reporter from the CLI with `Reporters > Add Reporter`
4. Create a Link between the previously created Sink and Reporter
1 change: 1 addition & 0 deletions mkdocs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -192,6 +192,7 @@ nav:
- Cybereason MalOp: xdr/features/collect/integrations/endpoint/cybereason_malop.md
- Cybereason MalOp activity: xdr/features/collect/integrations/endpoint/cybereason_malop_activity.md
- Darktrace Threat Visualizer: xdr/features/collect/integrations/endpoint/darktrace_threat_visualizer.md
- Daspren Parad: xdr/features/collect/integrations/endpoint/daspren_parad.md
- ESET Protect: xdr/features/collect/integrations/endpoint/eset_protect.md
- HarfangLab: xdr/features/collect/integrations/endpoint/harfanglab.md
- IBM AIX: xdr/features/collect/integrations/endpoint/ibm_aix.md
Expand Down
Loading