• Provide relevant provisioning documentation for Graph API or MCAS

Each platform has unique data streams and CI has approved specific data streams for ingest and monitoring. Data types not listed here may not yet be approved. The following list details the CI-approved data streams, which include but are not limited to (inquire for specifics as needed):

• On-premises customers
  • Specific Intrusion-detection event streams
  • Specific Device, server, infrastructure, and application logs
  • Continuous onsite packet collection for network segments specified by Customer
    • CI will generate flow records from collected packets
    • CI ephemerally stores packets for a period limited by the storage capacity of the customer’s chosen collectors
• Microsoft Defender (Azure Cloud and/or Endpoint) and MCAS Customers
  • Event streams, e.g. Graph API SecurityEvents or MCAS (Required)
• AWS
  • GuardDuty Event Streams (Required)
  • CloudTrail Audit Logs (Required)
  • VPC Flow Records
  • WAF Logs

Managed Detection and Response (CI-MDR)

Activation:
• On-Premises Collector Activation:
  • Verify acquisition of NetFlow, named log sources, packet capture
  • Verify network scope of packet capture
  • Verify transmission of event data and correct ingestion into Critical Insight analytics engine
  • Verify ability to perform extract of packet capture for investigation
• AWS Activation:
  • CloudTrail
    • Customer verifies successful delivery of CloudTrail logs into the accessible resource determined in provisioning