

Terms and Definitions

  1. Query: A query is a precise request for information, written in SQL (the query language that PostgreSQL understands) and executed against the database.

  2. PostgreSQL: A powerful, open source object-relational database system with over 35 years of active development, which has earned it a strong reputation for reliability, feature robustness, and performance.

  3. APPS: When working in the RAVEN Portal, the user has a column on the left listing all the configured items that can be used, for example: Activity, Vulnerability Discovery, Audit, Crawl, Santa, Osquery, Cases, etc. These items are what we call APPS.

  4. Keys:

  5. Bricks:

  6. Vault:

  7. Credential Data:

  8. Centralized:

  9. Vault Cluster:

  10. Run:

  11. Scale:

  12. Dynamic Cloud Agnostic Environment:

  13. Changing Machines:

  14. Network Address:

  15. ETL: Extract, Transform, Load is the process where events are extracted from different sources, transformed to the desired format and then loaded into a destination system.

    Events: An event is something that happened at a specific moment in time. An event is not automatically suspicious on its own, but it can serve as evidence or as raw material for further enrichment and correlation. When received events match a known pattern, this can lead to an alert.

    Chaining:

    Destination System:

    Block-id:

    End-point:

    URL:

    Database:

    API:

    Metadata:

    Task:

    Alert: Something that requires human attention. A true positive alert means that something suspicious is going on in the organization and action is required. A false positive alert means that the detection setup needs to be tuned to reduce its noise.

    Scaling:

    Brick construct: In playbooks, a brick construct is a self-contained unit that performs a specific task or action. Each construct has its own capabilities and dependencies, allowing the user to assemble custom workflows.

    Cron: A time-based job scheduler used to run tasks automatically at fixed times or intervals. A cron schedule is written as five fields (minute, hour, day of month, month, day of week), for example `*/5 * * * *` for "every five minutes". Cron is not specific to Python, although Python tooling commonly uses cron-style expressions to schedule recurring tasks.
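The following is an added example (not code from the RAVEN Portal or its documentation) that ties together the Query, Database, ETL, Event and Alert definitions above: raw events are extracted from two constructed sources in different formats, transformed into one schema, loaded into a database, and a SQL query then raises an alert when a pattern matches. The event lines, the source formats, the threshold and the time window are all assumptions made for this example; SQLite from the Python standard library stands in for the PostgreSQL destination system so the example runs offline.

```python
"""Added example: a minimal extract-transform-load pipeline with a SQL-based
alert rule. Not RAVEN code; all inputs and thresholds are constructed."""
import json
import sqlite3
from datetime import datetime, timezone

# Constructed sample input (not real data). Source 1: JSON lines from an SSH
# gateway. Source 2: key=value lines from a VPN appliance.
SSH_JSONL = """\
{"ts": "2024-05-01T10:00:01Z", "user": "alice", "src": "203.0.113.5", "result": "fail"}
{"ts": "2024-05-01T10:00:04Z", "user": "alice", "src": "203.0.113.5", "result": "fail"}
{"ts": "2024-05-01T10:00:09Z", "user": "alice", "src": "203.0.113.5", "result": "fail"}
{"ts": "2024-05-01T10:00:15Z", "user": "alice", "src": "203.0.113.5", "result": "success"}
{"ts": "2024-05-01T11:30:00Z", "user": "bob", "src": "198.51.100.7", "result": "success"}
"""
VPN_KV = """\
time=2024-05-01T10:00:11Z user=alice srcip=203.0.113.5 status=denied
time=2024-05-01T10:00:13Z user=alice srcip=203.0.113.5 status=denied
time=2024-05-01T10:05:00Z user=carol srcip=192.0.2.9 status=denied
"""

# Assumed rule for the example: this many failures from one (user, source IP)
# pair inside this window is worth a human's attention.
FAILURE_THRESHOLD = 4
WINDOW_SECONDS = 60


def extract(raw, fmt):
    """Extract: yield raw records from a source without interpreting them."""
    for line in raw.splitlines():
        if not line.strip():
            continue
        if fmt == "jsonl":
            yield json.loads(line)
        elif fmt == "kv":
            yield dict(part.split("=", 1) for part in line.split())
        else:
            raise ValueError("unknown source format %r" % fmt)


def transform(record, source):
    """Transform: map source-specific field names and values onto one schema."""
    if source == "ssh":
        ok = record["result"] == "success"
        ts, user, src = record["ts"], record["user"], record["src"]
    elif source == "vpn":
        ok = record["status"] == "allowed"
        ts, user, src = record["time"], record["user"], record["srcip"]
    else:
        raise ValueError("unknown source %r" % source)
    # Normalize the timestamp to UTC epoch seconds so windows are plain arithmetic.
    epoch = int(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
                .replace(tzinfo=timezone.utc).timestamp())
    return {"ts": epoch, "source": source, "username": user, "src_ip": src,
            "outcome": "success" if ok else "failure"}


def load(conn, events):
    """Load: write normalized events into the destination system."""
    conn.execute("CREATE TABLE IF NOT EXISTS events "
                 "(ts INTEGER, source TEXT, username TEXT, src_ip TEXT, outcome TEXT)")
    conn.executemany("INSERT INTO events VALUES "
                     "(:ts, :source, :username, :src_ip, :outcome)", events)
    conn.commit()


# The query is the detection pattern: grouped failures within a short span.
ALERT_QUERY = """
SELECT username, src_ip, COUNT(*), MIN(ts), MAX(ts)
FROM events
WHERE outcome = 'failure'
GROUP BY username, src_ip
HAVING COUNT(*) >= :threshold AND MAX(ts) - MIN(ts) <= :window
"""


def run_pipeline(conn=None):
    """Run ETL over the constructed sources, then return matching alerts."""
    conn = conn or sqlite3.connect(":memory:")
    events = [transform(r, "ssh") for r in extract(SSH_JSONL, "jsonl")]
    events += [transform(r, "vpn") for r in extract(VPN_KV, "kv")]
    load(conn, events)
    rows = conn.execute(ALERT_QUERY, {"threshold": FAILURE_THRESHOLD,
                                      "window": WINDOW_SECONDS}).fetchall()
    return [{"username": u, "src_ip": ip, "failures": n, "span_seconds": last - first}
            for u, ip, n, first, last in rows]


if __name__ == "__main__":
    for alert in run_pipeline():
        print("ALERT:", alert)
```

Note that the events from the two sources only become comparable after the transform step maps "fail" and "denied" onto the same `outcome` value; without that normalization the query would count three failures instead of five and miss the pattern. Against PostgreSQL the same query runs unchanged apart from the parameter placeholder style of the driver.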
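As an added example for the Cron definition (not code from the RAVEN Portal, and not a replacement for a real cron daemon or scheduling library), the following parses standard five-field cron expressions and checks whether a given time matches them. It handles `*`, lists, ranges and `/step`, treats `7` as an alias for Sunday, and applies the common rule that when both the day-of-month and day-of-week fields are restricted a time matches if either one does. Named macros such as `@daily` and other extensions are deliberately not covered.

```python
"""Added example: parse and evaluate five-field cron schedules.
Not RAVEN code; covers the core Vixie/POSIX cron syntax only."""
from datetime import datetime, timedelta

# Field name and allowed range, in cron order. Day-of-week allows 7 so that
# "7" (Sunday) is accepted; it is folded onto 0 after parsing.
FIELDS = [("minute", 0, 59), ("hour", 0, 23), ("day-of-month", 1, 31),
          ("month", 1, 12), ("day-of-week", 0, 7)]


def _parse_field(name, spec, lo, hi):
    """Expand one field such as '*', '*/15', '1-5', '0,30' or '1-5/2' into a set."""
    values = set()
    for part in spec.split(","):
        step = 1
        if "/" in part:
            part, step_text = part.split("/", 1)
            step = int(step_text)
            if step < 1:
                raise ValueError("%s: step must be >= 1" % name)
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            a, b = part.split("-", 1)
            start, end = int(a), int(b)
        elif step == 1:
            start = end = int(part)
        else:
            raise ValueError("%s: a step needs '*' or a range before it" % name)
        if not (lo <= start <= end <= hi):
            raise ValueError("%s: %r is outside %d-%d" % (name, part, lo, hi))
        values.update(range(start, end + 1, step))
    return values


def parse_cron(expr):
    """Return (minutes, hours, days, months, weekdays) as sets of allowed values."""
    parts = expr.split()
    if len(parts) != 5:
        raise ValueError("expected 5 fields: minute hour day-of-month month day-of-week")
    minute, hour, dom, month, dow = (_parse_field(n, p, lo, hi)
                                     for p, (n, lo, hi) in zip(parts, FIELDS))
    dow = {d % 7 for d in dow}  # fold 7 onto Sunday (0)
    return minute, hour, dom, month, dow


def _matches_fields(fields, when):
    minute, hour, dom, month, dow = fields
    cron_dow = (when.weekday() + 1) % 7  # Python: Monday=0; cron: Sunday=0
    if when.minute not in minute or when.hour not in hour or when.month not in month:
        return False
    dom_restricted = dom != set(range(1, 32))
    dow_restricted = dow != set(range(0, 7))
    if dom_restricted and dow_restricted:
        # Both day fields restricted: cron fires when either one matches.
        return when.day in dom or cron_dow in dow
    return when.day in dom and cron_dow in dow


def matches(expr, when):
    """True if the schedule fires at the given minute."""
    return _matches_fields(parse_cron(expr), when)


def next_run(expr, after, max_minutes=366 * 24 * 60):
    """First minute strictly after `after` at which the schedule fires,
    or None if nothing fires within `max_minutes` (default about a year)."""
    fields = parse_cron(expr)
    t = after.replace(second=0, microsecond=0) + timedelta(minutes=1)
    for _ in range(max_minutes):
        if _matches_fields(fields, t):
            return t
        t += timedelta(minutes=1)
    return None


if __name__ == "__main__":
    now = datetime(2024, 5, 1, 10, 15)  # a Wednesday
    print("*/5 * * * * at 10:15 ->", matches("*/5 * * * *", now))
    print("next 03:30 run after 2024-05-01 04:00 ->", next_run("30 3 * * *", datetime(2024, 5, 1, 4, 0)))
```

The either/or handling of the two day fields is the part most often gotten wrong when people hand-roll a scheduler: `0 0 1 * 1` fires on the first of every month and on every Monday, not only on Mondays that are the first of the month.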