File Exclusions

Metadata

Files from your detection integrations are analyzed to determine their nature—malicious or benign. Detection of malicious files considers factors such as the targeted endpoint or user, exclusion status, and findings from our threat intelligence sources.

Files

Wirespeed

Introduction

Your guide to managing your clients on Wirespeed

Service Providers

Introduction to Chat Ops

Introduce your company to chat operations

Communication Plan

I received a message from Wirespeed

Automatic and manual isolation of compromised assets

Introduction to Containment

User Containment

Endpoint Containment

Customize how Wirespeed automatically handles your detections

Introduction to Verdicts

Automatically close cases based on natural language queries

Introduction to Exclusions

The art of exclusion writing and understanding trade-offs

Exclusion Examples

Users are ingested from your directory integrations and enable ChatOps, VIP identification, and technical user identification.

Users

All endpoints available in your detection integrations are ingested into Wirespeed and correlated across cases. This allows you to identify repeat offenders over time, add special handling for high value assets, and provide Wirespeed more context for case triaging.

Endpoints

IP addresses are ingested from alerts on your detection integrations that have been previously identified by your detections vendor. Some may be benign and others may be malicious. Malicious IP addresses are determined by their usage of privacy-protecting services like Tor or VPNs and their countries of origin. IP address information is provided for free with our IPInfo integration.

A variety of alerts from your detection integrations include location information, usually related to the location of the asset or user triggering alerts. You may view all identified locations underneath Assets > Locations and investigate cases Wirespeed has triaged from each location.

Locations

Process information is taken from your detection integrations when malicious commands are identified on your endpoints. Process information includes things like the command that was run, the SHA1 and SHA256 of the command, and any threat intelligence we are able to gather related to the process.

Processes

Team

Checkpoint Harmony (Avanan)

Forward Cisco Meraki logs to Wirespeed via syslog

Cisco Meraki

Cisco Umbrella

Automate your MSSP interactions with Wirespeed and ConnectWise

ConnectWise PSA

CrowdStrike Falcon

Email

Fortinent FortiAnalyzer

Google Alert Center

Google Workspace

Discover breached credentials for your team members

Have I Been Pwned

Hyas Protect

IPinfo

Integrate with Jamf Pro to identify devices in your organization

JAMF Pro

Sync your devices and threats from Kandji

Kandji

ManageEngine ADAudit Plus

Defender for Endpoint, Identity, Cloud, Cloud Apps, Sentinel, and more.

Microsoft

Ingest sign-in logs from Microsoft Entra ID

Microsoft Entra Sign-in Logs

Microsoft Teams

Sending Microsoft Windows telemetry to Wirespeed

Microsoft Windows Event Logs

Ingest all users from your Okta directory

Okta

ReversingLabs

Automatically respond to all S1 detections

SentinelOne

Communicate with your users directly in Slack

Slack

Identify deception triggers in your environment

Thinkst Canary

Welcome to the home of your new documentation

Start building awesome documentation in under 5 minutes

Quickstart

Preview changes locally to update your docs

Development

Text, title, and styling in standard markdown

Markdown Syntax

Code Blocks

Add image, video, and other HTML elements

Images and Embeds

Mintlify gives you complete control over the look and feel of your documentation using the mint.json file

Global Settings

The navigation field in mint.json defines the pages that go in the navigation menu

Navigation

Reusable, custom snippets to keep content in sync

Reusable Snippets

Example section for showcasing API endpoints

Returns all plants from the system that the user has access to

Get Plants

Create Plant

Deletes a single plant based on the ID supplied

Name	Description
Late stage tool	Associated with tools that are common in the later stages of a breach
Malware	Tools that are commonly used in breaches
Benign	Known safe for use
Ransomware	Encrypts files and demands payment for decryption
Unknown	None of the above categories are true

Get Started

Chat Ops

Containment

Verdicts

Exclusions

Assets

Settings

Integrations

Files

File Exclusions

Metadata

Get Started

Chat Ops

Containment

Verdicts

Exclusions

Assets

Settings

Integrations

​File Exclusions

​Metadata

File Exclusions

Metadata