Rules overview

Following cyber security trends and needs, MOREAL is evolving with a threat intelligence management mindset. It uses behavioural analytics and crowdsourced threat information to identify, at an early stage, behaviours that appear abnormal and are therefore suspicious and worth further investigation by security analysts. MOREAL also provides an engine for defining custom rules based on conditions over a single log type generated by a single device. These rules check properties over single log type streams and generate alerts that supplement the alerts based on behavioural analytics, assisting security analysts in the incident handling process.

The MOREAL platform alert mechanism is based on Rules, which can be tailored to the user's needs. Through the Rules overview screen, a user can create rules that are triggered by event Logs of the devices that have been assigned to and are accessible by the user. For more technical information, refer to the Ruleflow technical article.

The Rules overview screen

The Rules overview screen displays a list with Rules predefined by MOREAL. For each rule, the following are displayed:

  • The rule’s severity level. There are four severity levels based on the importance of the alert that will be generated. From the most important to the least significant, the levels are critical, high, medium and low, represented with red, orange, yellow and green colours respectively.
  • The rule’s title
  • The rule’s description
  • The action buttons that allow the user to enable/disable, edit or delete the rule. Keep in mind that rules that are predefined by the MOREAL Platform cannot be enabled/disabled, edited or deleted.