What’s New Halcyon? Introducing DXP Nefarious Peer Alerts

Written by Halcyon Customer Success
Published on Oct 16, 2024

Halcyon is excited to announce improvements to the Enterprise Web UI, now available at console.halcyon.ai and console.eu.halcyon.ai.

What's New

The latest update to the Halcyon Enterprise Web UI adds the following capabilities to the console:

DXP Nefarious Data Transfer Events

When an attempt is made to transfer data to a restricted IP address or DNS, the agent immediately flags the activity as suspicious. A detailed event is logged in the console. The list of restricted IPs or DNS is based on predefined DXP rules managed by Halcyon.

DXP Nefarious Peer Alerts

This new alert type is triggered when one or more Nefarious Data Transfer events are detected under a specific DXP (Offending) rule. A single alert is generated for each unique DXP (Offending) rule that is activated.  

For example, if multiple devices attempt to connect to or transfer data to a site that violates a DXP (Offending) rule, such as "mega.io," only one Nefarious Peer alert will be displayed on the Alerts screen.

Alert Details: From the Alerts screen, click on any listed Data Exfiltration alert to view its detailed information. You will see a Summary, which includes the first and last occurrence, total assets involved, and total occurrences. The Artifact section provides the specific DXP (Offending) rule that triggered the alert, and the Assets section lists all devices involved in the DXP Nefarious Peer alert.
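The one-alert-per-rule roll-up described above, as an added sketch that is not Halcyon's code: it groups transfer events by the offending rule and derives the Summary, Artifact and Assets fields, which shows how many devices a single alert can stand for. The rule list, event fields, sample events and the domain-suffix matching are assumptions made for illustration.

```python
# Added illustration, not Halcyon code: models the one-alert-per-rule roll-up.
from datetime import datetime

# Constructed rule list; the real DXP rules are managed by Halcyon.
RULES = ["mega.io", "203.0.113.7"]

# Constructed sample events: (ISO timestamp, device, destination).
EVENTS = [
    ("2024-10-16T09:00:00", "laptop-01", "mega.io"),
    ("2024-10-16T09:05:00", "laptop-02", "sub.mega.io"),
    ("2024-10-16T09:07:00", "laptop-01", "mega.io"),
    ("2024-10-16T09:10:00", "server-03", "203.0.113.7"),
    ("2024-10-16T09:12:00", "laptop-02", "notmega.io"),  # look-alike, no match
]


def matching_rule(destination, rules=RULES):
    """Return the rule a destination falls under, or None (assumed matching logic)."""
    dest = destination.lower().rstrip(".")
    for rule in rules:
        # Exact match covers IPs and bare domains; the ".rule" suffix covers
        # subdomains without matching look-alikes such as notmega.io.
        if dest == rule or dest.endswith("." + rule):
            return rule
    return None


def build_alerts(events, rules=RULES):
    """Roll transfer events up into one alert per offending rule."""
    alerts = {}
    for ts, device, destination in events:
        rule = matching_rule(destination, rules)
        if rule is None:
            continue
        when = datetime.fromisoformat(ts)
        alert = alerts.setdefault(rule, {
            "artifact": rule, "first": when, "last": when,
            "assets": set(), "occurrences": 0,
        })
        alert["first"] = min(alert["first"], when)
        alert["last"] = max(alert["last"], when)
        alert["assets"].add(device)
        alert["occurrences"] += 1
    return alerts


if __name__ == "__main__":
    for rule, a in build_alerts(EVENTS).items():
        print(rule, a["first"], a["last"], sorted(a["assets"]), a["occurrences"])
```
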

DXP Alert Override

DXP Override: On the Alert Detail screen, if no override exists, an Add Override button will appear in the top-right corner. Click the Add Override button to add an override. To confirm, click Add, or select Cancel to discard the action.

Override Indicator: Once an override is added, a new Configured Response will appear, indicating that the Offending rule is now allowed.

Override Details: To view the details of an override, click the View Override button on the right side of the Configured Response section. To remove a selected override, click the Remove Override button at the bottom right of the View Override screen.

Host Overrides

DXP Override list: From the main console, navigate to the Overrides menu. Select the Host tab to access the Host Overrides screen. This new screen displays any existing DXP overrides. Admins or Power Users can delete a DXP override by clicking the delete icon next to the corresponding entry.

Halcyon is the only cybersecurity company that eliminates the business impact of ransomware. Modern enterprises rely on Halcyon to prevent ransomware attacks, eradicating cybercriminals’ ability to encrypt systems, steal data, and extort companies. Backed by an industry-leading warranty, the Halcyon Anti-Ransomware Platform drastically reduces downtime, enabling organizations to quickly and easily recover from attacks without paying ransoms or relying on backups. For more information on how Halcyon efficiently and effectively defeats ransomware attacks, contact an expert here or visit halcyon.ai to request a free consultation.
