ACSIA Help Center

User Manual - V7.0.0

Nadia Riccardi

Dashboard section

The Dashboard section shows an overview of the incidents on your infrastructure.

 

The data can be filtered per tenant (2) and per hour (3):

db1.png


Incidents section

The Incidents section shows the details of the incidents on your infrastructure, telling you if an incident has a low, medium, high, or critical impact:

db2.png

 

By default, incidents are shown by severity (low, medium, high, critical), but you can create different filters by clicking on +Add filter:

db3.png

 

After an incident has been verified, you can decide whether to put it on hold, close it, or leave it open by changing its status:

db4.png

 

To view all the details of an incident, click on it:

db5.png

 

The Geolocalization tab shows you where the attacker's IP is located.

db6.png

The Raw event tab shows all the details associated with the incident, such as the timestamp and more.


Devices section

When you want to use the software on a machine, you must install the agent first.

 

To do so, go to Devices > + Device to add a new device, then follow the instructions on the UI to install the agent on your machine.

 

Note that you have to select the tenant, at point 1, and the operating system of your machine, at point 2.

db7.png

To visualize all the devices, you can filter them:

db8.png


Global Settings

Here you can customize the name, the logo, and the company information of the app (only Staff Users can make these changes). 


Global Audit Logs

Here you can see a detailed log of all accesses and management operations. Staff Users can filter log entries based on specific tenants and users.

By clicking on the log, you can see further details about the entry. 

 


Detection Rules

This section allows users to enable or disable Sigma rules from the UI. This provides a more flexible and customized approach to rule management within the system.

db9.png


Network Policies

In this section, you can manage the whitelist and blacklist of IPs and networks.

  • Rules can be defined in ACSIA: the system can automatically whitelist/blacklist IPs or networks based on rule triggers.

  • Network security administrators can manually whitelist/blacklist IPs or networks from the incident view.

  • Network security administrators can manually whitelist/blacklist specific IPs, networks, or IP ranges with details.

  • Notification actions are configured to ignore the IPs or networks in the whitelist or blacklist.

db10.png

How to add a new policy

    • Click on +Policy
    • Enter the IP address and select the action (Block/Allow)
    • Select if you want to apply it on all the devices or only on selected ones
    • Save

db11.png


Notification rules section

This section allows you to create custom notifications based on incident severity. Currently, we support notifications via email, Teams, and Slack.

 

To create a new notification rule, click on Notifications rules > +Rule and choose the type of notification you want:

db12.png

Depending on the type you've chosen, you'll need to enter the email addresses of the recipients (separated by commas), or a webhook in the case of Teams or Slack notifications.


Users section

In this section, you can add users in two ways:

  • You can add a new user by filling in the required fields. You'll also have to specify a role for the new user (see also the roles section).
  • You can import existing users. By clicking on import user, the list of existing users will show up.

Roles section

You can create completely custom roles in the roles section by clicking on +Role.

 

Give a name to the new role and decide the privileges it will have:

db13.png

 


Audit Logs

Here you can see a detailed log of all accesses and management operations.

By clicking on the log, you can find further details about the entry.

db14.png


Preferences section

In this section, you can manage your preferences.

  • Automatic Malicious IP Blocking Configuration
    Customize Automatic Malicious IP Blocking by specifying which attacking IPs trigger blocks and choosing whether to apply the blocks to all devices or only to the devices under attack.
  • Automatic Malicious File Blocking Configuration
    Enable Automatic Malicious File Blocking to restrict access to potentially dangerous files.
  • Device Isolation Whitelist Configuration
    The Device Isolation mode is configured to restrict the connectivity of devices under attack, rendering them inaccessible to and from all hosts, except those specified in the whitelist. Please confirm the list of hosts that can reach compromised devices before enabling Device Isolation mode.
  • Allowed IPs
    Customize the list of hosts allowed to communicate with isolated devices. Define specific hosts that maintain connectivity privileges, providing flexibility and control over communication during security incidents.
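
One way to confirm the list of allowed hosts before enabling Device Isolation, as an added example that is not part of ACSIA or of the original manual: the script checks that every host you still need to reach an isolated device from (for example an admin workstation) is covered by the list. The entry syntax (single IP, CIDR network, `first-last` range), the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

def parse_entry(entry):
    """Expand one allowlist entry into ip_network objects.

    Assumed entry syntax (not taken from ACSIA): a single IP,
    a CIDR network, or a 'first-last' range.
    """
    entry = entry.strip()
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"bad range: {entry!r}")
        return list(ipaddress.summarize_address_range(first, last))
    # strict=True rejects networks with host bits set (e.g. 10.0.0.5/24),
    # which usually means the intended network was mistyped.
    return [ipaddress.ip_network(entry, strict=True)]

def check_isolation_allowlist(allowlist, required_hosts):
    """Return (missing, invalid): required hosts that no entry covers,
    and allowlist entries that could not be parsed."""
    networks, invalid = [], []
    for entry in allowlist:
        try:
            networks.extend(parse_entry(entry))
        except ValueError:
            invalid.append(entry)
    missing = []
    for host in required_hosts:
        addr = ipaddress.ip_address(host)
        if not any(addr.version == n.version and addr in n for n in networks):
            missing.append(host)
    return missing, invalid

# Constructed sample data using documentation address ranges.
ALLOWLIST = ["192.0.2.10", "198.51.100.0/28",
             "203.0.113.20-203.0.113.30", "10.0.0.5/24"]
REQUIRED = ["192.0.2.10", "198.51.100.14", "198.51.100.16",
            "203.0.113.25", "203.0.113.31"]

if __name__ == "__main__":
    missing, invalid = check_isolation_allowlist(ALLOWLIST, REQUIRED)
    print("unparseable entries:", invalid)
    print("required hosts that would lose access:", missing)
```

Any host reported as missing would be cut off from a device once it is isolated, so resolve both lists before turning the mode on.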

db15.png

 


Settings

In this section, you will find information about your account. You can also select the Light/Dark mode for the dashboard and log out from the platform.

 

2024-02-16_11-31.png