What SIA Supports
Security Events & Incidents
- Alert and incident details, including IDs, severity, status, and verdicts
- Security event timelines and chronological analysis
- Incident summaries and remediation guidance
Threat Intelligence
- Process and file information (command lines, paths, MD5/SHA2 hashes)
- Network connection details (source/destination IPs, URLs)
Investigation Tools
- Alert aggregation and filtering by various attributes
- Host-based activity monitoring and analysis
- Statistical analysis of alert patterns
Response Guidance
- Step-by-step remediation instructions for incidents
- Standard operating procedures (SOPs) for incident handling
- Threat containment recommendations
- Security best practices based on detected threats
What SIA Does Not Support
System Administration
- Endpoint status monitoring (online/offline/isolated)
- User access management and permissions
- Custom rule creation or configuration
- License management and platform settings
Advanced Analytics
- Performance metrics and SLA tracking
- Custom dashboard creation or modifications
- Parent process tree analysis
- Raw log data searches across all data sources
Direct Actions
- Endpoint isolation or remediation actions
- Playbook execution or automation
- Incident or alert status modifications (for example, delete or update)
- Configuration changes to security tools
Infrastructure Management
- Connector status and management
- Third-party integrations setup
- System health monitoring