In this post we’re providing a list of useful tips that our customers love and that can make working with Guardicore Centra even simpler: how to quarantine assets with one simple segmentation rule, auto-complete rule labels, integrate external threat feeds and more.
1. Quarantine Assets
To give your SOC team a quick way to quarantine assets, create a new label called “Quarantine” and use it to build a quarantine policy. For example, you can block all outgoing traffic from machines belonging to that label. Then, create a SIEM automation that automatically populates this label with assets when quarantine is needed.
Here’s the segmentation rule that blocks ongoing traffic from a machine to the Quarantine label:
2. Auto-complete labels
When manually creating segmentation rules whose source and/or destination consists of multiple intersecting labels (e.g., Product & Billing), Centra provides a quick way to work with these labels. Instead of writing full label names like Env:Production&App:Billing, you can start typing the values in the following way: Prod&Bill. Centra will auto-complete your input and suggest full label names.
3. Select multiple objects in Guardicore Reveal
To quickly select a portion of any Reveal map (including multiple labels, assets and flows) use the “S” key to switch between the hand & selection functionality. For example, you can use this to drag and drop multiple objects to a different location, or to suggest segmentation rules for multiple flows. To use this, make sure you’re in Policy mode. More keyboard shortcuts can be found by clicking the “hand” icon on the lower right part of the Reveal Explore screen.
4. Fast forward maps
Using the fast forward button in Reveal can actually help you recreate the same map with the most recent data, based on an existing filter instead of creating multiple maps.
5. Integrate external threat feeds
If your organization owns proprietary or 3rd party threat feeds, these can be easily integrated into the Centra threat engine to expand the threat list. Please reach out to firstname.lastname@example.org if you are interested in exploring this option.
For more information about Guardicore Centra visit the Guardicore Centra Product page.