SOAR

Event Response Acceleration: For each device on a switch, we will tell you the VLAN name and number associated with the MAC address and manufacturer, and the IP address and reverse DNS lookup. You can click on the IP address to see who this device is talking to (all flows associated), as well as connect to the device for management. If there is more to learn about the device, you can do a full scan using Nmap. Additionally, if the device is on the Windows domain, a domain link will allow you to see more details about the OS, CPU, memory, disk and network usage, who is logged in, and what processes are running.  Everything is provided to fully research a SIEM alert to be able to respond within minutes with one solution.