
What's New, Halcyon? Enterprise Web UI January 2024 Release Notes

Written by Halcyon Customer Success
Published on January 19, 2024

Halcyon is pleased to announce the availability of the Enterprise Web UI. The new Enterprise Web UI can be accessed at preview.halcyon.ai alongside the existing UI, which will still be available at manage.halcyon.ai until further notice.

Halcyon will be releasing new Enterprise Web UI functionality iteratively over the coming weeks. Customers can tentatively expect future functionality to be released as follows; improvements to existing functionality will come with these iterations as well:

  • Iteration 3.4 - Data Export - January
  • Iteration 3.5 - Alert Mutability - February
  • Iteration 3.6 - Audit Log - February
  • Iteration 3.7 - Artifacts - March
  • Iteration 3.8 - Events - March
  • Iteration 3.9 - Tasks and Dashboard - April

Customers who have enabled SSO for existing UI access will be able to authenticate to the Enterprise Web UI using the same credentials.

What's New

The Halcyon Enterprise Web UI is a new platform designed to deliver richer details covering Agent health and alert analysis, as well as deeper visibility and control of the Halcyon deployment, including policy control and data export (coming end of January).

Alerts Screen

The Alerts screen provides an enhanced and holistic view of alerts reported by all assets. It serves as a consolidated summary of all alerts for a given tenant, offering a unified perspective for both Block (Active Mode) and Warning (Learning Mode) alerts in a single aggregated view.  

  • Level includes Block for Active Mode and Warning for Learning Mode
  • Type includes Bad Behavior and Malicious Executable:

Figure: Alerts Screen

New Filters for Alerts Management

After selecting the Filter dropdown, users gain access to new filtering options for Last Seen, First Seen, Count, Level and Type:

Figure: Alerts Filters

Ability to View Alert Details

After clicking on an Alert ID, users can view more details of an alert. The Summary tab will include Alert Details along with information on its prevalence, specifying when and how many occurrences have been recorded:

Figure: Alert Summary Tab

The Artifacts tab provides detailed information, including the hash, path and the kind of threat:

Figure: Alert Artifacts Tab

The Assets tab will display the assets where the alert occurred:

Figure: Alert Assets Tab

Ability to Add/Remove Override

In the detailed Alert view, if a user deems an alert to be safe, they can click the "Add override" button in the top right corner to allow it. Conversely, if they change their decision, they can click the "View override" button and then click "Remove override" to revoke the allowance:

Figure: Add Override

Figure: View Override

Figure: Remove Override

Assets Screen

The Assets screen, formerly referred to as Devices, showcases the organization's managed assets along with their corresponding threat information. The new Assets Screen includes additional filters and sorting abilities:

Figure: Assets Screen

New Filters for Assets Management

After selecting the Filter dropdown, users will encounter a set of new filtering options, including Name, Agent version, OS Name and Type:

Figure: Assets Filters

Ability to View Detailed Asset Info

After clicking on a selected Asset Name, users can access detailed information pertaining to the selected asset. The Agent Info tab provides essential details about the selected asset's HAR Agent, including its name, version, and the date of the last update:

Figure: Agent Info Tab

The Operating System tab presents detailed information about the operating system (OS) installed on the selected asset:

Figure: Operating System Tab

The Machine tab includes detailed information about the selected asset:

Figure: Machine Tab

The Search Groups tab enables users to efficiently manage and categorize assets through grouping (formerly known as tagging):

Figure: Search Groups Tab

Overrides Screen

The Overrides screen enables users to view and manage rules that override default behaviors and actions triggered by identified threats. There are 3 types of overrides: Certificates, Hash and Monitor.

The Certificates tab enables users to create and edit overrides for specific certificates by providing the thumbprint. Users can choose the Target at either the Asset level (specific assets) or Tenant level (all assets in a specific tenant) and define the desired Action (Allow or Block). Files signed with a certificate thumbprint listed in the overrides will be processed based on the specified Action:

Figure: Overrides - Certificates Tab

The Hash tab enables users to create and edit overrides for specific files by providing the file hash/SHA256. Users can choose the Target at either the Asset level (specific assets) or Tenant level (all assets in a specific tenant) and define the desired Action (Allow or Block):

Figure: Overrides - Hash Tab

The Monitor tab enables users to create and edit overrides for specific files by providing the file hash/SHA256. Users can choose the Target at either the Asset level (specific assets) or Tenant level (all assets in a specific tenant) and define the desired Action (Bypass Only):

Figure: Overrides - Monitor Tab
