Detection Engineering I • Room 2

Asset & Identity Framework

Context is king. The Asset and Identity (A&I) framework enriches raw events with contextual data from HR databases (Active Directory) and Asset Registers (CMDB).

If `dest_ip` belongs to the CEO's laptop, A&I automatically increases the ES Priority of the Notable Event from Medium to Critical.
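The enrichment described above, sketched as an added Python example (not Splunk ES code and not from the original page). The asset and identity tables are constructed, the field names are hypothetical, and the urgency rule is a simplified assumption rather than the product's actual matrix.

```python
import ipaddress

LEVELS = ["low", "medium", "high", "critical"]

# Constructed lookup tables standing in for CMDB and Active Directory exports.
ASSETS = [
    {"ip": "10.20.0.0/24", "hostname": "hq-workstations", "mac": None, "priority": "low"},
    {"ip": "10.20.0.15/32", "hostname": "ceo-laptop", "mac": "00:11:22:33:44:55", "priority": "critical"},
]
IDENTITIES = {
    "jsmith": {"role": "CEO", "ou": "Executive", "priority": "critical"},
    "intern1": {"role": "Intern", "ou": "Engineering", "priority": "low"},
}

def asset_lookup(ip):
    """Return the most specific asset row containing ip, or None."""
    try:
        addr = ipaddress.ip_address(ip)
    except (ValueError, TypeError):
        return None  # missing or malformed field: leave the event unenriched
    hits = [a for a in ASSETS if addr in ipaddress.ip_network(a["ip"])]
    return max(hits, key=lambda a: ipaddress.ip_network(a["ip"]).prefixlen, default=None)

def urgency(severity, priority):
    """Assumed rule: shift severity by a priority offset, clamped to LEVELS."""
    shift = {"low": -1, "medium": 0, "high": 1, "critical": 2}[priority]
    idx = LEVELS.index(severity) + shift
    return LEVELS[max(0, min(idx, len(LEVELS) - 1))]

def enrich(event):
    """Add asset and identity context to an event, then compute its urgency."""
    out = dict(event)
    asset = asset_lookup(event.get("dest_ip"))
    ident = IDENTITIES.get((event.get("user") or "").lower())
    if asset:
        out["dest_hostname"], out["dest_priority"] = asset["hostname"], asset["priority"]
    if ident:
        out["user_role"], out["user_ou"], out["user_priority"] = ident["role"], ident["ou"], ident["priority"]
    # Unknown entities default to "medium" so urgency equals severity (assumption).
    prios = [p for p in (out.get("dest_priority"), out.get("user_priority")) if p] or ["medium"]
    out["priority"] = max(prios, key=LEVELS.index)
    out["urgency"] = urgency(event["severity"], out["priority"])
    return out

EVENTS = [  # constructed sample events, all with the same raw severity
    {"signature": "Malware beacon", "severity": "medium", "dest_ip": "10.20.0.15", "user": "jsmith"},
    {"signature": "Malware beacon", "severity": "medium", "dest_ip": "10.20.0.77", "user": "intern1"},
    {"signature": "Malware beacon", "severity": "medium", "dest_ip": "not-an-ip"},
]

if __name__ == "__main__":
    for e in EVENTS:
        r = enrich(e)
        print(r["dest_ip"], r.get("dest_hostname"), r["priority"], r["urgency"])
```

The same medium-severity detection ends up critical, low, or unchanged depending only on what the lookups know about the destination and user, which is why stale or missing CMDB rows directly distort triage order.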

Knowledge Check

Match each item to its correct zone.

Items:

- Provides usernames, roles, and organizational units
- Provides IP addresses, MAC addresses, and hostnames
- Increases the severity of an alert based on VIP status
- Combines Severity and Priority into a final score

Zones:

- Identity Lookup
- Asset Lookup
- Priority Multiplier
- Urgency Calculation