HAWK.io Cloud Documentation
HAWK Reference Guides
1. Column Reference Guide
1.1. Available Event Columns
1.2. Available Audit Columns
1.3. Available Vulnerability columns
1.4. Available Incident columns
1.5. Available Resource Columns
1.6. Available Column Parameters
1.7. Available Where Comparisons
1.8. Event Alert Type Categories
1.9. Resource OS Type Table
2. HAWK ID Descriptions
2.1. Default Message
2.2. Antivirus
2.3. Application Control
2.4. Firewall
2.5. IPS/IDS/HIDS
2.6. Spam Filter
2.7. Router
2.8. Switch
2.9. VPN
2.10. ActiveSync
2.11. FTP
2.12. Operating System
2.13. Mail
2.14. Database
2.15. Web Server
2.16. UPS
2.17. MISC
2.18. Microsoft
2.19. System i
3. HAWK Criticality
3.1. Most Critical (Level 1)
3.2. Highly Critical (Level 2)
3.3. Critical (Level 3)
3.4. Less Critical (Level 4)
3.5. Least Critical (Level 5)
4. Incident Response Lifecycle
4.1. Preparation
4.2. Detection & Analysis
4.3. Containment, Eradication, & Recovery
4.4. Post-Incident Activity
4.5. Additional Resources
5. How to Create Custom Signatures
5.1. Workflow for Existing Signatures
5.2. Workflow for New Signatures
6. How to Create Scores
6.1. Module Keys
6.2. Workflow for Existing Scores
6.3. Workflow for New Scores
7. Audit Logging for Application Developers
7.1. Purpose
7.2. When should I generate logs?
7.3. How should I be delivering these logs?
7.4. What format should my log message or syslog line be in?