This article explains how to perform basic investigation using SECONE Threat Hunting application. Application generates the alarms based on NetFlow (IP address reputation) and Syslog Web Proxy logs (domain/URL reputation). This manual is for users who have registered tenant and configured network devices to send NetFlow to SEC.ONE. The first step is to use the … Continue reading How to investigate