5 Things You Didn’t Know You Could Do with Guardicore Centra

In this post we share a list of useful tips that our customers love and that make working with Guardicore Centra even simpler: how to quarantine assets with one simple segmentation rule, auto-complete rule labels, integrate external threat feeds and more.

      1. Quarantine Assets

To allow your SOC team quick quarantine capabilities, create a new label called “Quarantine” and use it to build a quarantine policy. For example, you can block all outgoing traffic from machines belonging to that label. Then, create a SIEM automation which automatically populates this label with assets when quarantine is needed.

Here’s the segmentation rule that blocks ongoing traffic from a machine to the Quarantine label:

      2. Auto-complete labels 

When manually creating segmentation rules whose source and/or destination consists of multiple intersecting labels (e.g., Product & Billing), Centra provides a quick way to work with these labels. Instead of writing full label names like Env:Production&App:Billing, you can type just the start of each value, such as Prod&Bill, and Centra will auto-complete your input and suggest full label names.

      3. Select multiple objects in Guardicore Reveal

To quickly select a portion of any Reveal map (including multiple labels, assets and flows) use the “S” key to switch between the hand & selection functionality. For example, you can use this to drag and drop multiple objects to a different location, or to suggest segmentation rules for multiple flows. To use this, make sure you’re in Policy mode. More keyboard shortcuts can be found by clicking the “hand” icon on the lower right part of the Reveal Explore screen.

      4. Fast forward maps: Using the fast forward button in Reveal, you can recreate the same map with the most recent data based on an existing filter, instead of creating multiple maps.

      5. Integrate external threat feeds: If your organization owns proprietary or third-party threat feeds, these can be easily integrated into the Centra threat engine to expand the threat list. Please reach out to support@guardicore.com if you are interested in exploring this option.

For more information about Guardicore Centra visit the Guardicore Centra Product page. 
