SOC Training

Let’s get the right setup

Step 1:

Place your overlay window over the recommended area of this page.

Step 2:

Scroll down to where you see the SIEM example.

Place your overlay window over this block.

Grab the corners of the window and adjust its size if needed.

Within the SOC training page, there are three examples. Select your most relevant example.

SIEM

Polarity is meant to augment your workflow no matter what application you are looking at. This example showcases how Polarity can augment your workflow when you are looking at information in a SIEM product.

Step 1:

Place your overlay window over the recommended area of this page.

Step 2:

Scroll down to where you see the SIEM example.

Time                      Event

2/15/21 1:52:05.000 PM    37,21.690344,192.168.55.133,162.159.241.165,TCP,54,62099 > 443 [ACK] Seq=1 Ack=39 Win=65535 Len=0,,
(epoch 1613415125)        field5 = TCP   host = ip-172-31-57-135.ec2.internal   source = Firewall Traffic - Sheet1.csv   sourcetype = csv

2/15/21 1:52:05.000 PM    34,19.706099,192.168.55.133,74.125.226.175,SSL,55,Continuation Data,,
                          field5 = SSL   host = ip-172-31-57-135.ec2.internal   source = Firewall Traffic - Sheet1.csv   sourcetype = csv

2/15/21 1:52:05.000 PM    33,19.233835,,192.168.55.133,TCP,60,80 > 62101 [ACK] Seq=2 Ack=2 Win=64239 Len=0,,
                          field5 = TCP   host = ip-172-31-57-135.ec2.internal   source = Firewall Traffic - Sheet1.csv   sourcetype = csv

2/15/21 1:52:05.000 PM    32,19.233734,192.168.55.133,108.162.232.205,TCP,54,"62101 > 80 [FIN, ACK] Seq=1 Ack=2 Win=64240 Len=0",,
                          field5 = TCP   host = ip-172-31-57-135.ec2.internal   source = Firewall Traffic - Sheet1.csv   sourcetype = csv

2/15/21 1:52:05.000 PM    31,19.233649,192.168.55.133,45.128.134.14,TCP,54,62101 > 80 [ACK] Seq=1 Ack=2 Win=64240 Len=0,,
                          field5 = TCP   host = ip-172-31-57-135.ec2.internal   source = Firewall Traffic - Sheet1.csv   sourcetype = csv

2/15/21 1:52:05.000 PM    30,19.233649,108.162.232.205,192.168.55.133,TCP,60,"80 > 62101 [FIN, PSH, ACK] Seq=1 Ack=1 Win=64240 Len=0",,
                          field5 = TCP   host = ip-172-31-57-135.ec2.internal   source = Firewall Traffic - Sheet1.csv   sourcetype = csv

2/15/21 1:52:05.000 PM    29,19.23343, 207.154.198.54, 192.168.55.133,TCP,,80 > 62100 [ACK] Seq=2 Ack=2 Win=64239 Len=0,,
                          field5 = TCP   host = ip-172-31-57-135.ec2.internal   source = Firewall Traffic - Sheet1.csv   sourcetype = csv

Step 3:

Select all of the text on the SIEM page and press CTRL+C, or right-click on the Polarity Overlay window and select “Search my Clipboard”.

Step 4:

You should now have information from your integrations in the Polarity Overlay window!

Highlight: with Highlight mode on, click on the web page; highlights will then start populating on top of the SIEM example.

Step 5:

If you want to try Polarity recognition, turn on either Stream or Highlight Mode in your Polarity Overlay window.

Endpoint

Polarity is meant to help augment your workflow, no matter what application you are looking at. This example is meant to showcase how Polarity can help to augment your workflow when looking at information in an endpoint protection system.

Step 1:

Ensure the overlay is in the recommended area.

Step 2:

Select all of the text on the Endpoint example page and press CTRL+C, or right-click on the Polarity Overlay window and select “Search my Clipboard”.

TECHNIQUE ID: CST0005

ECIA NAME: IOCRolicySHA256High

TRIGGERING INDICATORS: Associated IOC (SHA256 on library/DLL loaded)
  b2191c32538842d3fdeff972e5a77527fa35d69fa400aad2aa2798b86fc6cf2a
  FC00964131A8C9407BA77484E724FC9D

GLOBAL PREVALENCE: Common

LOCAL PREVALENCE: Low

USER NAME: DESKTOP-1FKKSLO

Step 3:

You should now have information from your integrations in the Polarity Overlay window!

Step 4:

If you want to try Polarity recognition, turn on either Stream or Highlight Mode in your Polarity Overlay window.

Ticketing

Polarity is meant to augment your workflow no matter what application you are looking at. This example showcases how Polarity can augment your workflow when you are looking at information in a ticketing system.

Step 1:

Ensure the overlay is in the recommended area.

Step 2:

Select all of the text in the description section of the ticket and press CTRL+C, or right-click on the Polarity Overlay window and select “Search my Clipboard”.

Sender: helpdesk@msdn-update[.]com
Recipient: jane@yourcompany[.]com
Sender IP: 198.54.117[.]198
Domain: msdn-update[.]com
Recipient Internal IP: 10.10.240.17
Attachment:
crashreporter.exe
Hashes:
MD5 a20722e4bd3a6a35c8dfbb99f2cad8c0
SHA-1 8eef1361b6f8a464fc7170deaebac07dd5d681c6
SHA-256 7e8e748f39b0bff7dd70eee3c1d08241565c07ce9bfe687c18ee727cfb2bc5cf

Step 3:

You should now have information from your integrations in the Polarity Overlay window!

Step 4:

If you want to try Polarity recognition, turn on either Stream or Highlight Mode in your Polarity Overlay window.
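
The recognition step that the ticketing and SIEM examples rely on (pulling out the hashes, IP addresses, domains and e-mail addresses an analyst pivots on, with defanging undone) can be approximated in a few lines. This is an added example, not Polarity's own code: the sample input is the ticket text from this page, and FILE_EXT is an assumed list of file extensions used to stop an attachment name such as crashreporter.exe from being treated as a domain.

```python
import ipaddress
import re

# Sample input constructed from the ticket description shown on this page.
TICKET = """Sender: helpdesk@msdn-update[.]com
Recipient: jane@yourcompany[.]com
Sender IP: 198.54.117[.]198
Domain: msdn-update[.]com
Recipient Internal IP: 10.10.240.17
Attachment:
crashreporter.exe
Hashes:
MD5 a20722e4bd3a6a35c8dfbb99f2cad8c0
SHA-1 8eef1361b6f8a464fc7170deaebac07dd5d681c6
SHA-256 7e8e748f39b0bff7dd70eee3c1d08241565c07ce9bfe687c18ee727cfb2bc5cf"""

HASH_KIND = {32: "md5", 40: "sha1", 64: "sha256"}   # hex length -> algorithm
FILE_EXT = {"exe", "dll", "zip", "doc", "pdf"}       # assumed list; drops "name.exe" false positives
HEX_RE = re.compile(r"\b[0-9a-fA-F]{32,64}\b")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

def refang(text):
    """Undo the [.] and hxxp defanging used in the ticket so values match their real form."""
    return text.replace("[.]", ".").replace("hxxp", "http")

def extract(text):
    """Return indicators grouped by type, lower-cased, deduplicated, in order of appearance."""
    t = refang(text)
    found = {k: [] for k in ("md5", "sha1", "sha256", "ip_external", "ip_internal", "domain", "email")}
    for h in HEX_RE.findall(t):
        kind = HASH_KIND.get(len(h))          # hex runs of other lengths are ignored
        if kind:
            found[kind].append(h.lower())
    for ip in IP_RE.findall(t):
        try:
            addr = ipaddress.ip_address(ip)   # rejects octets above 255
        except ValueError:
            continue
        # RFC 1918 space is the victim side; only the external address is worth enriching
        found["ip_internal" if addr.is_private else "ip_external"].append(ip)
    found["email"] = [e.lower() for e in EMAIL_RE.findall(t)]
    for d in DOMAIN_RE.findall(t):
        if d.rsplit(".", 1)[-1].lower() not in FILE_EXT:
            found["domain"].append(d.lower())
    return {k: list(dict.fromkeys(v)) for k, v in found.items()}
```

Calling extract(TICKET) yields one entry per hash type, the sender IP as external, the recipient IP as internal, and the two domains; the same function run over the SIEM rows above picks out their IP addresses.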

Focus Mode

Step 1:

Ensure the overlay is in the recommended area.

Step 2:

Click on the "Focus" button in the top nav of the overlay window.

Step 3:

Draw the area around the screenshot.

Step 4:

You should now have information from your integrations in the Polarity Overlay window!