Critical Insight, Inc. 5/2/2023 - Laserfiche WebLink

Critical Insight® and the Critical Insight logo are the trademarks of Critical Insight, Inc. ©2023 Critical Insight, Inc. All rights reserved. 2 • AMAZON WEB SERVICES (“AWS”) • MICROSOFT AZURE (“AZURE”) FOR ON PREMISES ENVIRONMENTS WITH COLLECTORS, CI WILL DELIVER AND INSTALL, OR PROVIDE INSTRUCTION FOR INSTALLATION OF, THE CI COLLECTOR ON CUSTOMER PREMISES AND VERIFY OPERATION. FOR ALL ENVIRONMENTS, CI WILL PROVIDE RELEVANT PROVISIONING INSTRUCTIONS FOR MONITORING TOOLS AND DATA STREAMS. DATA STREAMS: EACH ENVIRONMENT HAS UNIQUE DATA STREAMS AND CI WILL MONITOR ALL DATA STREAMS DOCUMENTED IN THE DATA INGEST LIST THROUGH APPROVED DATA INGESTION METHODS. THE FOLLOWING LIST DETAILS COMMON DATA STREAMS CI MONITORS PER ENVIRONMENT. THE DATA STREAMS CI WILL MONITOR FOR THE CUSTOMER ARE DOCUMENTED IN THIS DATA INGEST LIST: • ON-PREMISES • SPECIFIC INTRUSION-DETECTION EVENT STREAMS • SPECIFIED DEVICE, SERVER, INFRASTRUCTURE, AND APPLICATION LOGS • CONTINUOUS ONSITE PACKET COLLECTION FOR NETWORK SEGMENTS SPECIFIED BY CUSTOMER • CI WILL GENERATE FLOW RECORDS FROM COLLECTED PACKETS • CI EPHEMERALLY STORES PACKETS FOR A PERIOD LIMITED BY THE STORAGE CAPACITY OF THE CUSTOMER’S CHOSEN COLLECTORS • AWS • GUARDDUTY ALERTS • CLOUDTRAIL LOGS • VPC FLOW RECORDS • O365 • SPECIFIC MICROSOFT DEFENDER FOR CLOUD APPS ALERT & EVENT STREAMS • SPECIFIC MICROSOFT AZURE AD IDENTITY PROTECTION ALERTS & EVENT STREAMS • Azure AD INTEGRATION FOR RAPID QUARANTINE ACTION AND USER ENRICHMENT • EDR • SPECIFIC SECURITY EVENT STREAMS DEPENDING ON APPROVED EDR • SPECIFIC ACTIONS DEPENDING ON APPROVED EDR • MICROSOFT AZURE • SPECIFIC MICROSOFT DEFENDER FOR CLOUD APPS ALERT & EVENT STREAMS • SPECIFIC MICROSOFT DEFENDER FOR CLOUD ALERT & EVENT STREAMS • SPECIFIC MICROSOFT AZURE AD IDENTITY PROTECTION ALERT & EVENT STREAMS