After you’re up and running, your work consists of:
Responding to incidents, and other events.
If rules are tuned, events should fire when there is high likelihood of an attack, when systems fall out of compliance, or when critical vulnerabilities are detected in your environment.
Incident Explorer elevates raw audit data to actionable security intelligence by automatically correlating individual events generated by the firewall and runtime sensors to surface unfolding attacks.
Tuning rules and policies as new apps are released and existing ones are upgraded.