Demo mode — Sample data for demonstration purposes. No changes are saved.
Cyberion EDR Console

Rules

| Name | Type | MITRE | Pattern | Severity | Mode | Status |
|---|---|---|---|---|---|---|
| Suspicious encoded PowerShell | process_start | T1059.001 | -enc (field_contains · cmdline) | high | active | enabled |
| C2 beacon port | network_connect | T1071 | 4444,8443 (port_in_list) | critical | active | enabled |
| Local auth failure burst | agent_status | T1110 | failed_login (substring) | medium | simulation | enabled |

Playbooks

| Name | Rule | Mode | Status |
|---|---|---|---|
| Isolate on C2 | C2 beacon port | approval_required | enabled |

Playbook executions

When auto-remediation is off or approval is required, matched playbooks appear here for review.

| Time | Playbook | Endpoint | Status | Notes |
|---|---|---|---|---|
| 03/06 12:52 | Isolate on C2 | WS-TECH-02 | pending_approval | Awaiting SOC approval before isolation. |