Notification
Simply turning detector alerts into readable notifications can by itself be a big win for security teams. Automatically processing each alert and gathering all the relevant information from both external and internal sources saves time: analysts spend more of it deciding what to do and less of it on information gathering. You can find an example alert below.
In addition to sending notifications, at this point in the FIDO pipeline the information that has been gathered is stored. Currently, the FIDO database is a simple SQLite database, but we are evaluating other solutions as FIDO's needs continue to evolve. The FIDO database stores all relevant information about the current event, including the machine/user information and the threat information. It also stores artifacts such as URLs, IPs, and hashes from each event so they can be used as historical lookups in future events.
The current state of the database is very raw, and maturing it to handle events in more sophisticated ways is a priority.
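As an added illustration of the storage step described above (example code, not FIDO's own; the table layout, column names and the sample alert are assumptions), the following keeps each event's machine/user/threat details plus its URL, IP and hash artifacts in SQLite and, when a new alert arrives, reports which of its artifacts were already seen in earlier events:

```python
import sqlite3
from datetime import datetime, timezone

# Schema is an assumption for this example, not FIDO's own tables.
SCHEMA = """
CREATE TABLE IF NOT EXISTS events (id INTEGER PRIMARY KEY, detector TEXT NOT NULL,
    hostname TEXT NOT NULL, username TEXT, threat TEXT, seen_at TEXT NOT NULL);
CREATE TABLE IF NOT EXISTS artifacts (event_id INTEGER NOT NULL REFERENCES events(id),
    kind TEXT NOT NULL, value TEXT NOT NULL);   -- kind is 'url', 'ip' or 'hash'
CREATE INDEX IF NOT EXISTS ix_artifacts ON artifacts(kind, value);
"""

def open_store(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn

def record_event(conn, detector, hostname, username, threat, artifacts, seen_at=None):
    """Store one alert (machine/user/threat info) plus its artifacts; return the event id."""
    seen_at = seen_at or datetime.now(timezone.utc).isoformat()
    cur = conn.execute(
        "INSERT INTO events (detector, hostname, username, threat, seen_at) VALUES (?, ?, ?, ?, ?)",
        (detector, hostname, username, threat, seen_at))
    event_id = cur.lastrowid
    # Normalise case so the same hash or hostname matches regardless of how a detector wrote it.
    conn.executemany("INSERT INTO artifacts (event_id, kind, value) VALUES (?, ?, ?)",
                     [(event_id, kind, value.lower()) for kind, value in artifacts])
    conn.commit()
    return event_id

def prior_sightings(conn, artifacts, exclude_event=None):
    """Map each artifact of a new alert to the earlier events that carried the same value."""
    hits = {}
    for kind, value in artifacts:
        rows = conn.execute(
            "SELECT e.id, e.hostname, e.seen_at FROM artifacts a JOIN events e ON e.id = a.event_id "
            "WHERE a.kind = ? AND a.value = ? AND (? IS NULL OR e.id != ?) ORDER BY e.seen_at",
            (kind, value.lower(), exclude_event, exclude_event)).fetchall()
        if rows:
            hits[(kind, value.lower())] = rows
    return hits

def demo():
    # Constructed sample data: one stored event, then a new alert sharing its IP but not its URL.
    db = open_store()
    record_event(db, "ids", "host-a", "alice", "Trojan.Generic",
                 [("ip", "198.51.100.7"), ("hash", "d41d8cd98f00b204e9800998ecf8427e")], "2015-01-01T00:00:00Z")
    return prior_sightings(db, [("ip", "198.51.100.7"), ("url", "http://example.test/x")])
```

Running `demo()` returns only the IP with its earlier sighting; an artifact never seen before is simply absent from the result.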
On to the next step... Update Detectors.