Containment Actions

VIPs

User Containment

Wirespeed

Introduction

Your guide to managing your clients on Wirespeed

Service Providers

Answers to common questions from Wirespeed users

Frequently Asked Questions

Introduction to Chat Ops

Introduce your company to chat operations

Communication Plan

I received a message from Wirespeed

Automatic and manual isolation of compromised assets

Introduction to Containment

Endpoint Containment

Customize how Wirespeed automatically handles your detections

Introduction to Verdicts

Automatically close cases based on natural language queries

Introduction to Exclusions

The art of exclusion writing and understanding trade-offs

Exclusion Examples

Ingest events, logs, and more from your source system into Wirespeed's SIEM

Introduction to Events

Advanced Queries

Custom Detections

Users are ingested from your directory integrations and enable ChatOps, VIP identification, and technical user identification.

Users

All endpoints available in your detection integrations are ingested into Wirespeed and correlated across cases. This allows you to identify repeat offenders over time, add special handling for high value assets, and provide Wirespeed more context for case triaging.

Endpoints

Files from your detection integrations are analyzed to determine their nature—malicious or benign. Detection of malicious files considers factors such as the targeted endpoint or user, exclusion status, and findings from our threat intelligence sources.

Files

IP addresses are ingested from alerts on your detection integrations that have been previously identified by your detections vendor. Some may be benign and others may be malicious. Malicious IP addresses are determined by their usage of privacy-protecting services like Tor or VPNs and their countries of origin. IP address information is provided for free with our IPInfo integration.

A variety of alerts from your detection integrations include location information, usually related to the location of the asset or user triggering alerts. You may view all identified locations underneath Assets > Locations and investigate cases Wirespeed has triaged from each location.

Locations

Process information is taken from your detection integrations when malicious commands are identified on your endpoints. Process information includes things like the command that was run, the SHA1 and SHA256 of the command, and any threat intelligence we are able to gather related to the process.

Processes

Team

Checkpoint Harmony (Avanan)

Forward Cisco Meraki logs to Wirespeed via syslog

Cisco Meraki

Cisco Umbrella

Automate your MSSP interactions with Wirespeed and ConnectWise

ConnectWise PSA

CrowdStrike Falcon

Email

Fortinent FortiAnalyzer

Google Alert Center

Google Workspace

Discover breached credentials for your team members

Have I Been Pwned

Hyas Protect

IPinfo

Integrate with Jamf Pro to identify devices in your organization

Jamf Pro

Integrate with Jamf Protect to identify devices and detections in your organization

Jamf Protect

Integrate with Jira Data Center to sync Wirespeed cases with your team

Jira Data Center

Sync your devices and threats from Kandji

Kandji

ManageEngine ADAudit Plus

Defender for Endpoint, Identity, Cloud, Cloud Apps, Sentinel, and more.

Microsoft

Ingest sign-in logs from Microsoft Entra ID

Microsoft Entra Sign-in Logs

Microsoft Teams

Sending Microsoft Windows telemetry to Wirespeed

Microsoft Windows Event Logs

Ingest all users from your Okta directory

Okta

ReversingLabs

Automatically respond to all S1 detections

SentinelOne

Communicate with your users directly in Slack

Slack

Identify deception triggers in your environment

Thinkst Canary

Count cases by status

Get weekly case counts

Get example case for demonstration

Get all detections for a case

Delete a case

Update case details

Calculate mean time to resolution

Reingest all detections for a case

Get related cases

Get threat indicators for a case

Search and list cases

Submit feedback for AI case summary

Get case by ID or SID

Search integrations

Search integration logs

Get daily integration log counts

Add API key integration

Add other integration type

Add basic authentication integration

Get OAuth installation URL

Get all integration configurations

Get integration by ID

Delete integration

Update integration

Get integration configuration by type

Handle OAuth redirect

Verify JWT token

Handle authenticated OAuth redirect

Invoke integration action

Handle OAuth authenticated redirect

Get AWS remote API key

Register AWS integration remotely

Check integration entitlements

Handle integration webhook

Handle chat operations

Get ConnectWise PSA configuration

Update ConnectWise PSA configuration

Get ConnectWise companies

Get ConnectWise boards

Get board ticket types

Get board ticket statuses

Get ConnectWise priorities

Get Jira configuration

Update Jira configuration

Get Jira projects

Get Jira issue types

Get all assets for a case

Get all assets for a detection

Get asset counts by type

Bulk contain multiple assets

Bulk uncontain multiple assets

Contain directory user

Contain endpoint

Uncontain endpoint

Get team statistics report

Get current team information

Create a new team

Search service provider teams

Update team information

Get team by any UUID

Get all teams

Search team members

Search system logs

Add operating team

Remove operating team

Invite user to team

Resend invitation to user

Get platform logos

Upload platform logo

Delete platform logo

Get current user information

Update current user information

Update user role

Delete user

Unlock user account

Lock user account

Get user API keys

Create new API key

Delete API key

Calculate mean time to detect

Calculate mean time to verdict

Reingest a detection

Search and list detections

Get example detection for demonstration

Get detection by ID or SID

Get AQL questions for detection

Delete a detection

Update detection details

Retrieves detailed information about a specific endpoint including its public IPs and integration data

Get endpoint by ID

Update endpoint properties such as HVA status. Requires analyst role

Update endpoint properties

Search and filter endpoints with pagination support. Can filter by HVA status, IP, user, and managed status

Search endpoints

Returns the current count of High Value Assets and the change over time

Get HVA count and change

Create an automation rule to automatically mark endpoints as High Value Assets based on specific criteria

Create HVA automation rule

Retrieve a paginated list of High Value Asset automation rules for the current team

Search HVA automation rules

Permanently delete an HVA automation rule

Delete HVA automation rule

Enable or disable an existing HVA automation rule

Update HVA automation rule

Manually trigger a refresh of endpoint data from integrated systems (EDR/MDM)

Refresh endpoint data

Latest updates and improvements to Wirespeed

Changelog

Welcome to the home of your new documentation

Start building awesome documentation in under 5 minutes

Quickstart

Preview changes locally to update your docs

Development

Text, title, and styling in standard markdown

Markdown Syntax

Code Blocks

Add image, video, and other HTML elements

Images and Embeds

Mintlify gives you complete control over the look and feel of your documentation using the mint.json file

Global Settings

The navigation field in mint.json defines the pages that go in the navigation menu

Navigation

Reusable, custom snippets to keep content in sync

Get Started

Chat Ops

Containment

Verdicts

Exclusions

Events

Assets

Settings

Integrations

User Containment

Containment Actions

VIPs

Get Started

Chat Ops

Containment

Verdicts

Exclusions

Events

Assets

Settings

Integrations

​Containment Actions

​VIPs

Containment Actions

VIPs