5 Things You Didn’t Know You Could Do with Guardicore Centra

In this post we’re providing a list of useful tips that our customers love and that can make working with Guardicore Centra even simpler: how to quarantine assets with one simple segmentation rule, auto-complete rule labels, integrate external threat feeds and more.

      1. Quarantine Assets

To allow your SOC team quick quarantine capabilities, create a new label called “Quarantine” and use it to build a quarantine policy. For example, you can block all outgoing traffic from machines belonging to that label. Then, create a SIEM automation which automatically populates this label with assets when quarantine is needed.

Here’s the segmentation rule that blocks outgoing traffic from a machine to the Quarantine label:


      2. Auto-complete labels 

When manually creating segmentation rules whose source and/or destination consists of multiple intersecting labels (e.g., Product & Billing), Centra provides a quick way to work with these labels. Instead of writing full label names like Env:Production&App:Billing, you can type just the beginning of each value, for example Prod&Bill, and Centra will auto-complete your input and suggest full label names.
[Image: label auto-complete]

      3. Select multiple objects in Guardicore Reveal

To quickly select a portion of any Reveal map (including multiple labels, assets and flows) use the “S” key to switch between the hand & selection functionality. For example, you can use this to drag and drop multiple objects to a different location, or to suggest segmentation rules for multiple flows. To use this, make sure you’re in Policy mode. More keyboard shortcuts can be found by clicking the “hand” icon on the lower right part of the Reveal Explore screen.
[Image: Reveal shortcuts]

      4. Fast forward maps

Using the Fast Forward button in Reveal can help you recreate the same map with the most recent data, based on an existing filter, instead of creating multiple maps.

[Image: Reveal map with 1h data]

      5. Integrate external threat feeds

If your organization owns proprietary or 3rd party threat feeds, these can be easily integrated into the Centra threat engine to expand the threat list. Please reach out to support@guardicore.com if you are interested in exploring this option.

For more information about Guardicore Centra visit the Guardicore Centra Product page. 
