Quadrant Information Security is happy to announce several new and incredible features in our customer console!
Quadrant now allows you access to your data via an API call. This means that you can reach into our systems to extract data related to your organization’s security events. Data is returned in a JSON format that contains some of the following data:
- Timestamp of the alert
- Protocols and ports used
- GeoIP information (if available)
- Bluedot “Threat Intel” (if available)
- Quadrant Analysts notes and criticality
- Payload data (Base64 encoded)
- Copy of the signature that generated the alert
- Reference data (CVEs, whitepapers, etc)
- And much more
Access to this information allows you to preform further analysis on events and alerts. For example, the data can be imported into a Security Orchestration, Automation, and Response (SOAR) system or a data analytics platform.
API access is available now within your console. To get your API key and start preforming queries, select the “Company Settings” (The “gear” symbol on then left in the dashboard) and then select the “Quadrant API” option.
New “Call Tree” Controls.
Within the console under “Company Settings” (The “gear” symbol on the left in the dashboard) you will find a new feature called “Call Tree”. This feature allows you to assign who gets called, along with any additional notes, in the event a security threat is detected. The call tree is ordered in the preference of call order and can be modified at any time.
We invite you to review the current configuration of your call tree. We have attempted to mimic the order of your current call tree configuration, but by reviewing it yourself, you can ensure that it is in the correct order.
The “Call Tree” feature in the console will go live on August 2nd, 2021. We are allowing early access to this feature so that you can verify the settings prior to go-live.
New “Email Distribution List” Controls.
Within the console under “Company Settings” (The “gear” symbol on the left in the dashboard) you will find a new feature called “Email Distribution List”. This feature allows you to control who gets different types of emails. Current e-mail distributions option are:
- Alerts – Critical/Non-Critical e-mail alerts
- Maintenance – E-mails regarding maintenance of Quadrant systems and/or sensors
- 24 Hour Report – A report that provides a summary of alerts for the last 24 hours
- Executive Reports – Who should receive “executive” (quarterly) reports
We invite you to review the current configuration of the email distribution list. We have attempted to mimic your current configurations, but by reviewing it yourself, you can ensure that all the right people are getting the right reports.
The “Email Distribution List” feature will go live on August 2nd, 2021. We are allowing early access to this feature so that you can verify the settings prior to go-live.
New Email “X” SMTP Headers on Alerts
Starting August 2nd, 2021, Quadrant alert e-mails will have new “X” SMTP headers embedded. These headers are:
- X-Quadrant-Class – Classifications based of the signature.
- X-Quadrant-Level – Critical / Non-Critical
- X-Quadrant-Short-Description – Analyst classifications (“Exploit Attempt”, “Active Attack”, etc)
- X-Quadrant-Sensor-ID – ID number of the Quadrant Sensor
The SMTP headers are being added so that you can more easily “route” e-mails within your mail system (MTA) to the correct people. For example, you can route “System Events” and “System Errors” to your system administration teams based on the “X-Quadrant-Short-Description”; or you might want to routine “Non-Critical” events to a folder for later review while keeping “Critical” events at the top of your e-mail box based of the “X-Quadrant-Level”. These new headers allow for easier filtering and email routing.
We have many new features coming in the next few months that we are excited about! Please let us know if you have any questions! Thank you!