Self-Guided Onboarding

Red Canary Portal Training

This session will help new and returning users confidently navigate and utilize the full capabilities of the Red Canary portal. Whether you're managing endpoints, reviewing detections, or generating reports, this video provides the knowledge you need to get started and work efficiently. It covers the following topics:

• Navigating overall portal functionality

• Managing and monitoring your endpoints

• Understanding and exploring threats and gaining a high-level overview

• Performing investigation and analysis of suspicious activity

• Accessing and interpreting reports to support your security operations

  [53 minutes]

Next Steps:

To reinforce what you’ve learned, please complete the following tasks in your Red Canary portal:

1. Complete the Company Profile section, including populating the Security Protocol contact list with the appropriate contacts.

2. Navigate to the Applications section and review any applications listed as "Needs Review." Update their status accordingly.

3. Explore the Threats section by opening an existing threat detection and reviewing its details, including timeline, indicators, and endpoint activity.

4. Access the Endpoints page, select a host, and review its recent behavior and detection history.

Completing these tasks will ensure that your environment is configured properly and you’re confident using key areas of the portal.

Automation Training

This session walks you through how automation works within the Red Canary portal and how it can help streamline your security operations, reduce manual effort, and improve response times. It covers the following topics:

• Understanding the core concepts of automation within the platform

• Configuring and customizing automation playbooks or workflows

• Setting up automated alert responses and actions

• Integrating automation with endpoint and threat detection

  [37 minutes]

Next Steps:

To apply what you've learned in this training, please complete the following tasks in your Red Canary Portal:

1. Review your current automation settings to understand what playbooks or workflows are currently active.

2. Navigate to the Automation section and explore the available playbook templates.

3. Identify at least one use case to implement automation, such as isolating a host or assigning a threat, and begin drafting or enabling a relevant playbook.

4. Verify that your automation configurations align with your incident response process and escalation paths.

5. Discuss additional automation use cases with your internal team to ensure consistency with your organization’s security protocols.

Completing these tasks will help you begin applying automation effectively and ensure it's working in alignment with your team’s goals.

Active Remediation Training

This session covers how to use Red Canary’s Active Remediation to take fast, targeted action on confirmed threats across managed endpoints. Active Remediation provides hands-on-keyboard support from Red Canary’s Threat Response Engineer (TRE) team, who are notified to begin remediation based on your subscription settings. It covers the following topics:

• Monitoring and managing Active Remediation in the portal

• Understanding TRE and SOAR response workflows

• Tracking remediation status and outcomes

• Collaborating with Red Canary throughout the process

  [22 minutes]

Next Steps:

To reinforce your understanding and prepare your environment for effective remediation, please complete the following tasks:

1. Review the Getting Started with Active Remediation article and set up a Group within your EDR platform using this naming convention:
   Remediate – [Group Name]

2. Familiarize yourself with the isolation and artifact removal process by examining a past remediation example (if available).

3. Discuss with your internal team how Red Canary’s Active Remediation integrates into your existing incident response workflows.

4. Review this article to deepen your understanding: Active Remediation FAQ