MDR for Windows Defender: Using your SIEM (Stellar) Console

Description

The SIEM console is where you can view data from products and services integrated through one of our SIEM/SOCaaS offerings.

This portal is protected by EVO Security, our MFA, IdP, and PAM provider. This means you will use your EVO Security credentials to log in to this portal.

SIEM (Stellar) Console

  1. Browse to https://solutionsgrantedinc.stellarcyber.cloud/.
    1. You will be redirected to the EVO login page.


  2. Log in with your EVO account credentials.
    1. Once you approve the mobile push, you will be authenticated, logged in, and redirected back to the SIEM console.

Using the Stellar SIEM Console

Your initial landing page in the console will be the Overview/Killchain page.

  • Click the Investigate tab


  • Select Threat Hunting
  • Click on the Indices Filter box
  • Deselect Alerts, and select Syslogs


  • Click back on the filter box to collapse the menu
  • Select the time frame for which you would like to view your syslogs. Searches across multiple index values can only run for a maximum of 24 hours from the current time. Single-value searches can be set to absolute (a set date and time), daily (a single calendar day), or relative (the last 24 hours).


