Cyber Hawk

ALERTING


Daily Alerts and Weekly Notices Keep You Ahead of Any Internal Threat

Cyber Hawk keeps you informed of any potential internal security issues inside your client’s network. Set the time for the daily scan and it reports back with an email alert sent to any address you specify, including your own ticketing system.

The daily alerts aggregate the issues that were detected during the past 24 hours and can be sorted either by priority/severity (high, medium and low) of the threat, or by the type of issue (threat, anomaly, change).

There are dozens of alerts based on network changes, anomalous activity, vulnerabilities and misconfigurations. Here’s a small sample along with their category and alert type:

| Category | ACT | Alert |
|---|---|---|
| Wireless | Threat | Unauthorized wireless connection |
| Access Control | Change | New profile (Business Owner’s computer) |
| Computers | Change | Application installed on locked down system |
| Computers | Change | Removable drive added to locked down system |
| Access Control | Change | Administrative rights granted |
| Access Control | Threat | Unauthorized access to IT restricted computer |
| Access Control | Change | New device on restricted network |
| Access Control | Threat | Unauthorized access to accounting computer |
| Access Control | Threat | Unauthorized access to CDE |
| Access Control | Threat | Unauthorized access to ePHI |
| Access Control | Change | Unauthorized printer on network |
| Access Control | Anomaly | Suspicious user logons by single desktop user |
| Computers | Threat | Internet restriction not enforced |
| Computers | Threat | Critical patches not applied timely on DMZ computer |
| Computers | Threat | Critical patches not applied timely |
| Access Control | Change | New profile |
| Access Control | Change | New user |
| Access Control | Anomaly | Unusual logon to computer by user |
| Access Control | Anomaly | Unusual logon time by user |
| Network Security | Threat | New High Severity Internal Vulnerability |
| Network Security | Threat | New Medium Severity Internal Vulnerability |
| Access Control | Change | Local User Admin User Added |

Cyber Hawk sends you daily alerts on any potential threat it finds, and once a week it also sends a concise summary of all changes made to the network during the prior week. This gives you an at-a-glance view of changes that didn’t trigger an alert but still might be worth a quick review.

Changes included in Cyber Hawk’s weekly report fall into the following objects and categories:

| Category | Sub-Category |
|---|---|
| Network | Wireless Networks |
| Network | Network Devices |
| Network | Domain Users |
| Network | Computers |
| Network | Printers |
| Network | DNS |
| Network | Switch Port Connections |
| Network | Local Users |
| Security | New Internal Vulnerability |