Introducing Detection Center: Centralized threat management simplified
We’ve made significant improvements to the way you manage threats in Nebula and OneView, making it easier to identify and manage critical threats with a centralized view, enhanced remediation options, and improved historical data analysis.
With 35,000 weekly pageviews and over 500,000 detections identified in the last 90 days, the Detections page is crucial for our users to track security threats. However, the page mainly served as a log: it could make it challenging to identify key threats quickly, provided limited context for investigations, and didn’t offer many tools for analyzing historical trends.
The new Detection Center improves on the former page by offering a centralized, insightful, and action-oriented approach to threat management. Let’s dive into the changes.
Three new pages: Active Detections, Quarantined Detections, and Detection Log
The new Detection Center introduces three key pages: Active Detections, Quarantined Detections, and Detection Log.
Active Detections
The Active Detections page is a focused view that highlights the most critical and current threats across all the endpoints in your environment, rather than the full history.
The page also provides details on the type and location of each active threat. Users can quickly take action on active threats, such as quarantining them, or creating exclusions if they are false positives.
Quarantined Detections
The Quarantined Detections page consolidates all quarantined items into a single view within the Detection Center. Users will be able to view the full history and lifecycle of quarantined detections in this tab and take actions on quarantined items, such as restoring them if they were incorrectly identified as threats.
Detection Log
The Detection Log page retains the traditional log format but is now integrated within the Detection Center, providing a historical record of all threats with an extended retention period of 365 days.
Detection history feature
A new slide-out view provides detailed insights into the timeline and states of specific threats, helping users understand how threats evolve and are managed over time. Specifically, the slide-out shows:
- When the detection was initially found
- The different states it has been in (e.g. active, quarantined)
- The current state of the detection
Enhanced remediation options
Users now have the ability to take more granular actions, such as addressing threats across multiple endpoints or focusing on specific threats. Previously, users could only remediate threats on a single endpoint at a time.
Additionally, the update introduces the ability to ignore and create exclusions for specific threats that are identified as false positives, removing them from the active detection view and preventing them from being flagged in future scans.
Try Detection Center
Nebula and OneView users can use the new Detection Center today.