Key Concepts
The Secure60 Platform uses a number of terms that you may see in the documentation, portal and instructions.
Organisation
- An Organisation is the grouping element that holds one or more Users and Projects
- Secure60 supports multi-level Organisation management, with the ability to have an unlimited number of child Organisations and an unlimited number of child Organisations within child Organisations
- A User is assigned to an Organisation and has visibility of all Projects and Sub Organisations underneath that Organisation
Project
- A Project is the object that holds all customer data (Events, Signals, Threats etc)
- A Project is where Rules and Rule Groups are applied to enable detection of various scenarios
User
- A User is a resource that is able to access Secure60 Platform
Event
- These are raw items formatted according to the Secure60 schema
Signal
- These are items that are interesting from a security perspective (for example, a login process is interesting whether it is a success or a failure)
Threat
- These are items that are created by looking at Events and Signals where we have identified a security issue that needs to be addressed
Tokens
- Tokens are used to provide programmatic access to the platform. There are a few different types available:
  - Session Tokens, which permit a user access to Secure60 APIs for a limited time period
  - Ingest Tokens, which are long-lived tokens that allow the sending of Event data to the Secure60 Ingest endpoint
Rule Group
- A Rule Group is a collection of Rules. There are managed Rule Groups provided by the Secure60 platform and you can make your own.
Rule
- A Rule is a definition of a check that needs to be made on data within Secure60. Rules can be applied in streaming (real time) or as polling Rules (on a periodic basis, e.g. every 5 minutes). Rules can look at raw data within the system, or they can look at Entity structures to decide if a particular entity has exceeded a threshold.
- Rules have Conditions, which are the things that execute to test whether a Rule should trigger
- Rules have Actions, which are the things that happen when a trigger threshold is met
List
- A List is a collection of List Items, which are of the type “TEXT” or “IP”. Lists greatly enhance Rule processing, as you can check whether the data returned is or is not in a specific List