Click the title of an article linked below to learn more about intelligence in ConnectWise SIEM, including information related to alerts, sightings, sharing, and suppressions.
When data triggers an indicator, an alert is created. The alert is an entry in the SIEM console. Each alert contains the data and/or metadata of the packet or payload that triggered the rule. When an alert is generated, it also triggers a siren in our SOC.
Sightings are other people’s alerts. The ConnectWise SIEM sensor triggers alerts based on community intelligence. You can find your own alerts and details in Perchybana.
Suppressions can be applied at several layers of the rule management system hierarchy. IP, Community, and Group are the three layers at which a customer can set a suppression for a rule. Global suppressions can only be applied by the Security Operations Center.