It is a kind of antivirus with an agent on each machine in the organization. The agent reports all data (processes, users, events, traffic, etc.) to the server, analyzes it, decides whether the operation was malicious, and then reports it to the UI. The UI is a kind of inbox where SOC engineers investigate the received reports and take actions such as killing suspicious processes, isolating the PC, and so on.

November 26 @ 11:40
11:40 — 12:20 (40′)

Denis Mitin