Qmulos is pleased to announce the general availability of Q-Audit V3.3.0! Here are some of the key exciting upgrades for this release:
- Ability to apply filters and reduce noise to better detect suspicious activity
- Generate a report of all the latest results on the ISSO Audit Review Dashboard
- Customizable ISSO Audit Review dashboard to monitor additional activities and events
More Signal Less Noise
Trying to analyze events to detect suspicious activity while still auditing all the required events in accordance with the ICS 500-27 standard’s requirements can be challenging for organizations. The comprehensive set of events that are required to be audited per ICS 500-27 can generate a lot of noise when trying to analyze the data. E.g., authentications from service accounts, scanning activity from security tools, etc. can generate large volumes of data and obscure actual suspicious activity in visualizations.
We get it. Sometimes, too much noise can make it difficult to detect the real insider threat activities happening within your organization. That’s why we’ve added a filtering capability on the ISSO Audit Review, Risk Summary, and each event family dashboard to exclude specific users, hosts, and applications from the visualizations in Q-Audit. These filters are set on a per dashboard, per system basis.
Not sure whether to apply the filters to the system? You can temporarily apply the filter to the current session to preview what the results in the visuals may look like on the dashboard without having to worry about it permanently taking into effect for the entire system.
Report Generation of Latest Results on the ISSO Audit Review Dashboard
In the previous version of Q-Audit, the ISSO Audit Review dashboard could generate a CSV report of each metric with a breakdown of the specific audit events that comprise that metric. That was great for reporting on specific activity. We’ve discovered that customers also want to generate one comprehensive report that includes the latest results for all the metrics for external reporting purposes. To enable that, we’ve now added the capability for users to export the results for all the metrics in one click, saving them precious time in producing required documentation so they can focus on the stuff that matters.
Customizable ISSO Dashboard to Monitor Additional Events
In the previous version of Q-Audit, our ISSO Audit Review dashboard provided a set of common metrics that ISSOs are most interested in when reviewing audit events across the ICS 500-27 event families. That’s been great to help ISSOs focus on their most important audit events, but each organization is unique so there’s never a one-size-fits-all solution. So now in addition to the common out-of-the-box metrics, users can customize or add their own metrics to the dashboard to monitor additional events unique to their organization and systems.
Other enhancements in Q-Audit include improved performance of the ISSO Audit Review and Risk Summary dashboard, ability to inherit custom roles in Q-Audit, and various bug fixes. For more details on the latest features in Q-Audit, please contact us at email@example.com!