Cloud-Based Data Sources

For cloud-based data sources, often all that’s needed is to provide the name of the data source, a username, and a password or API key. Depending on the data source, additional information may be needed to gain access.

Providing data from multiple sources leads to a higher-quality analysis. The richness of Epiphany’s output depends on the quality of the data it collects. Data sources often have overlapping data, affording the platform the ability to perform analysis and correlation and return an objective analysis.

Data sources typically fall into four categories:

  • Vulnerability Management: This includes solutions that run scans against your system and identify what patches are missing in your environment. At the time of this writing, Epiphany supports vulnerability management solutions such as InsightVM, Tenable.io, and Qualys.

  • Endpoint Protection: Endpoint detection and response (EDR) tools, anti-virus tools, and other tools with the ability to react to questionable conduct increase resilience. Data from these tools and their configurations are evaluated by Epiphany’s machine learning model to determine their effectiveness against risks. Data sources in this category provide operating system and application inventory, identity information (used for correlation), vulnerability data (if present), and presence of a countermeasure. Epiphany supports platforms such as CrowdStrike, Cylance, Windows Defender ATP, FortiEDR, Apex Central SAAS, SentinelOne, Malwarebytes, Carbon Black Cloud, and Armis.

  • Identity Services: These are platforms that handle authentication. Examples supported by Epiphany are Azure Active Directory, AWS, Okta, and Gsuite.

  • Network Management: These are systems that manage your switches, routers, firewalls, and so on. Examples supported by Epiphany are Meraki, FortiManager, Palo Alto Panorama, and Cato Networks.

Additionally, you can set up data sources for Patch Management systems and for custom data sources that don’t have a pre-defined template in Epiphany.

The next instructions explain how to access the Source Management Configuration area and provide an overview of setting up a cloud-based data source. For specific information about setting up a particular data source, see its specific configuration guide in GitBook.

Adding a Cloud-based Data Source

  1. In the left navigation menu, expand Source Management and then select Configuration.

  2. In the Cloud area, expand the type of data source to set up: Vulnerability Management, Endpoint Protection, Identity Services, or Network Management.

  3. Select Add New Data source.

  4. The available data sources for the type you selected display. The data sources shown will vary for each environment and for the type of data source. Select the data source to add.

  5. The Add New Data Source dialog box shows the information that must be set up for the data source. An example is shown below. Each data source has its own unique information that you must provide. But there are some commonalities in the fields:

       • Data Source Name: The name of the data source. Once the data source is set up, this name displays in places where the data source is used. It’s your way of identifying each data source. This is a required field.
       • Data Source Owner: Expand this list to see the people in your organization. Select the person who is responsible for the data source. This is a required field.
       • Data Source Notes: Enter any notes about the data source. This field is optional.
       • Login credentials: Each data source requires login credentials. They may be a username and password, an access key and a secret key, a tenant ID, application ID, and application secret, or other credentials. It may also include a URL. These fields are required.
       • Show Token (or Password or Secret Key): Check this check box to display the token, password, or key in readable text instead of as asterisks.
       • Active: You can initially leave this set to off. When you are ready to start using the data source, set it to on.

  6. Select Save.

Some common examples are shown in the next section, including Azure Active Directory, Qualys, and Tenable. For details about specific data sources see the section Data Sources.
