MOREAL, following cyber security trends and needs, is evolving toward threat intelligence management: it uses behavioural analytics and crowdsourced threat information to identify early those behaviours that appear abnormal and are therefore suspicious and worth further investigation by security analysts. MOREAL also provides an engine for defining custom rules based on conditions over a single log type generated by a single device. These rules check properties of single-log-type streams and generate alerts that supplement the alerts based on behavioural analytics, assisting security analysts in the incident handling process.
The MOREAL platform alert mechanism is based on Rules, which can be tailored to the user's needs. Through the Rules overview screen, a user can create rules that are triggered by event logs of the devices that have been assigned to and are accessible by that user. For more technical information, refer to the Ruleflow technical article.
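To make the "condition over a single log type from a single device" model concrete, here is an added illustration; it is not MOREAL's rule syntax or code, and the rule name, device names, log type and field names are constructed for the example. A rule is bound to exactly one device and one log type, applies a field condition to each event on that stream, and raises an alert once the condition has matched a threshold number of times inside a sliding time window. Events from other devices or log types never reach the condition, which is the property the page describes.

```python
"""Minimal per-device, single-log-type rule evaluator (illustrative, not MOREAL's own)."""
from collections import deque
from dataclasses import dataclass, field
from typing import Callable, Deque, Dict, List, Optional


@dataclass
class Rule:
    name: str
    device: str                       # the single device this rule listens to
    log_type: str                     # the single log type this rule evaluates
    condition: Callable[[Dict], bool]  # predicate over one event's fields
    threshold: int = 1                # matches needed inside the window to alert
    window_seconds: int = 60
    # timestamps of recent matches, kept for the sliding window
    _matches: Deque[int] = field(default_factory=deque, repr=False)

    def feed(self, event: Dict) -> Optional[Dict]:
        """Evaluate one event against this rule; return an alert dict or None."""
        if event["device"] != self.device or event["type"] != self.log_type:
            return None                       # not this rule's stream: ignored
        if not self.condition(event):
            return None
        ts = event["ts"]
        self._matches.append(ts)
        # drop matches that have fallen out of the sliding window
        while self._matches and ts - self._matches[0] > self.window_seconds:
            self._matches.popleft()
        if len(self._matches) >= self.threshold:
            count = len(self._matches)
            self._matches.clear()             # re-arm so one burst yields one alert
            return {"rule": self.name, "device": self.device,
                    "log_type": self.log_type, "ts": ts, "count": count}
        return None


def run_rules(rules: List[Rule], events: List[Dict]) -> List[Dict]:
    """Push every event (in time order) through every rule; collect the alerts."""
    alerts: List[Dict] = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        for rule in rules:
            alert = rule.feed(ev)
            if alert:
                alerts.append(alert)
    return alerts


def build_rules() -> List[Rule]:
    """Constructed rule: three failed auth events on fw-edge-1 within 60 s."""
    return [
        Rule(name="repeated-auth-failure", device="fw-edge-1", log_type="auth",
             condition=lambda e: e["result"] == "fail",
             threshold=3, window_seconds=60),
    ]


# Constructed sample events: one device's auth log, plus a second device whose
# identical event must NOT count toward the rule bound to fw-edge-1.
SAMPLE_EVENTS = [
    {"ts": 100, "device": "fw-edge-1", "type": "auth", "result": "fail", "user": "admin"},
    {"ts": 110, "device": "fw-edge-1", "type": "auth", "result": "fail", "user": "admin"},
    {"ts": 115, "device": "fw-edge-2", "type": "auth", "result": "fail", "user": "admin"},
    {"ts": 120, "device": "fw-edge-1", "type": "auth", "result": "ok",   "user": "admin"},
    {"ts": 125, "device": "fw-edge-1", "type": "auth", "result": "fail", "user": "admin"},
    {"ts": 400, "device": "fw-edge-1", "type": "auth", "result": "fail", "user": "admin"},
]

if __name__ == "__main__":
    for a in run_rules(build_rules(), SAMPLE_EVENTS):
        print(a)   # one alert at ts=125 with count=3; the ts=400 event starts a new window
```

Running the script yields exactly one alert: the fw-edge-2 event is filtered out before the condition runs, the successful login does not match, and the ts=400 failure lies outside the 60-second window so it only starts a fresh count. Real rule sets would add per-user or per-source grouping and tune thresholds to the device's normal rate, but the single-device, single-log-type binding is the part that keeps such rules cheap to evaluate on a live stream.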
The Rules overview screen
The Rules overview screen displays a list of the Rules predefined by MOREAL. For each rule, the following are displayed: