ShieldNet Defense Getting Started

Security Made Simple

a part of ShieldNet 360

This document provides a complete guide for customers using ShieldNet Defense. It covers the essential steps for onboarding your organization, configuring the platform, installing agents, and effectively monitoring security alerts.

I. How to onboard your organization to ShieldNet Defense (Trial Registration)

II. Required configuration steps before using the platform

III. How to use the platform and review security alerts

IV. Contact information and support

I. How to Onboard Your Organization (Trial Registration)

Follow these steps to register for a trial and onboard your organization to ShieldNet Defense:

1. Start the Trial:

Visit https://shieldnet360.com/ and click the "Free trial" button.

2. Provide IT Manager Email:

Enter the email address of the IT Manager who will administer the account.

3. Verify Email (OTP):

Check your email for a One-Time Password (OTP) and enter it to verify your identity.

4. Completion Email:

After successful verification, you will receive an email to finalize the registration process.

5. Complete Registration:

Open the email and click the "Complete Registration" button. Follow the on-screen instructions to finish setting up your account.

II. Required Configuration Steps

Before fully utilizing the platform, certain configuration steps are required to ensure proper asset management and security monitoring.

1. Initial Setup

Login to the Portal. You will see step-by-step instructions on the bottom left panel labeled "Get started." Follow these initial prompts to familiarize yourself with the environment.

2. Discover Features

2.1 Assets Management - Employees

Purpose: Add and manage the list of employees within the organization.

 Users can manually enter employees one by one.

 Download an Excel template to fill in and upload bulk data.

 Synchronize directly from Microsoft Entra ID for a faster process.

2.2 Assets Management - Devices

Purpose: Manage information about devices where the agent has been installed.

Once the agent is successfully installed, device information – including OS, IP address, installed applications, and other metadata – will automatically appear here. (See "Install the Agent" section below for details).

 Click the info button to show OS and hardware information.

 Click on a Device name to drill down into details.

2.3 Assets Management - Applications

Applications: Provides a centralized view of applications installed on devices that have the agent installed. This information is automatically synchronized after agent installation is completed. You can view the number of versions currently existing in the system.

2.4 Assets Management - Domain

Domain: Register the organization’s public domains.

Currently: Used to monitor public assets such as SSL certificates and their expiration dates.

 Future Roadmap: This will become the hub for identifying the organization’s attack surface, including threat intelligence, domain vulnerabilities, hosted services (web services, APIs), libraries used, and potential credential leaks. (Feature under development, planned for release later this year.)

3. Install the Agent on an Endpoint

To start monitoring, the ShieldNet Agent must be installed on your endpoints.

1. Click Start to open the instruction panel for agent installation.

2. Select the OS type, then click Continue.

3.Follow the step-by-step instructions provided in the portal to install the agent on the endpoint.

Agent Requirements

The endpoint must be connected to the Internet and allow traffic to the following destinations:

4. Integrate with SaaS/Cloud Services

To integrate ShieldNet Defense with your organization's existing platforms:

1. Click the user icon in the top-right corner of the portal.

2. Select Organization Settings.

3. From the left navigation menu, choose Integrations.

4. Select the integration type currently used by your organization and follow the configuration steps.

Available Integrations

 Import M365 Directory: Automatically import the user directory from Microsoft Entra ID. This allows organizations to quickly synchronize employee accounts and simplifies the onboarding process.

 Sync M365 Audit Log: Authorize access to Microsoft 365 audit logs to monitor security-related activities across supported applications such as Exchange, SharePoint, and other M365 services.

 Sync GCP Audit Log: Authorize access to Google Cloud audit logs to monitor security events and activities across GCP services.

 Connect AWS CloudTrail: Connect to AWS CloudTrail to track important actions and security-related events within your AWS environment.

III. How to Use the Platform and Review Security Alerts

 After completing the configuration steps – or at a minimum, the agent installation – the system will automatically scan activities on the device to detect potential risks and security attacks. These security alerts and findings can be visually monitored on the portal.

Security Monitoring

If a server or endpoint is attacked after the agent is installed, the system will record the detected security incidents in the alert list. Click on the incident name to view detailed information.

Key Alert Components:

Summary

The most concise description of the attack in plain text, designed for executives or IT administrators who may not have deep security expertise. These alerts are generated after the agent performs detailed behavioral analysis and consolidates the results for administrators, eliminating the need for a large security monitoring team.

Impact

Information about the affected assets and users.

Activity Timeline

A detailed timeline of the incident, including timestamps and the results of various stages: Analyze, Investigate, Response, Assign, Conclusion, and Close Reason.

Action Needed

Quick response actions that can be executed directly from the portal, supported by the AI Agent. Actions include:

 Block IP

 Kill Process

 Quarantine File

 Isolate Host

These actions immediately stop the incident from continuing. The AI Agent also provides additional recommendations for administrators to perform manual actions after the quick response steps, helping to strengthen security and reduce the risk of similar attacks in the future.

IV. Contact Information and Support

 If you require assistance or need to report security operations issues, please contact us using the information below.

Email Support:

 General Support: [email protected]

 Security Operations (SecOps): [email protected]

Instant Messaging: MSTeams / Google Chat available upon request.

Quick Support (Call/Z): +84 359.034.039

Thank You!

Learn more about us at www.shieldnet360.com