- Ask for a Flash Briefing
- Contain Validated Breaches
- Ask for a Flash Briefing
- Ask about your adversaries' TTP
- Discover Investigate Actions you need to take
- Recieve Incident Notifications direct to your Device
- Ascetain if an Attack is targetted or opportunistic
- Invocation Name: LMNTRIX (pronounced ‘elementrix’)
- Rated: Guidance Suggested. This skill contains dynamic content.
- Privacy Policy (Hyper Link)
- This skill requires account linking. Account linking works with the Alexa profile that is logged in. If you have multiple profiles on the LMNTRX XDR, say “Alexa, switch profiles” to switch profiles on your device
Waking up to an incident
It’s Saturday morning, you wake up to see the blue light on top of your Echo indicating you’ve had some incident(s) overnight. You then connect to LMNTRIX and ask Alexa “What happened overnight?”.
Once you hear the incidents, you choose which is of interest and drill down into it by saying “What are the details of incident #?”.
If you have elected to review your IOC’s (IP, domain, URL) before mitigating threats, and if there are threats to mitigate, then Alexa will ask you “Would you like to review your breach mitigation options?” to which you answer “Yes”.
After Alexa reads your IOC’s it will ask you “Would you like to stop the breach?” to which you can answer “Yes”, assuming you’re happy with the IOC’s and they don’t pose a risk or a false positive.
The LMNTRIX XDR will then push the IOC’s to your firewalls to a pre-defined blocking policy and shortly after Alexa will say “The threat has been mitigated and the incident updated”.
At this point you have managed to stop the breach and reduce any possible data exfiltration in progress without leaving your bed or engaging anyone else from your security team – all using your voice.
You can repeat the process for any additional threats, ask any other questions, or log out by saying “Alexa stop”.
Board Communication
As a Security Manager or CISO you’re able to give your board members a snapshot of your security status using the Alexa Echo or your phone.
Simply say, “Alexa, give me a snapshot of my security”.
Then say, “How many validated incidents did we have today? (you can replace “today’ with “last week” “last month” or “to date”)
Then say, “Give me an incident summary”.
After you hear your incident summary, you can continue with additional questions or say, “Alexa stop”.
Dinner with the family
You’re at dinner with the family, you receive an incident notification on your phone from the Alexa app. You open the Alexa app and click on the Alexa icon and ask Alexa to “Read my notifications”.
Once you hear the incident heading and priority, it sounds serious, so you elect to hear more details by asking “What are the details of incident #?”.
If you have elected to review your IOC’s (IP, domain, URL) before mitigating threats, and if there are threats to mitigate, then Alexa will ask you “Would you like to review your breach mitigation options?” to which you answer “Yes”.
After Alexa reads your IOC’s it will ask you “Would you like to stop the breach” to which you can answer “Yes”, assuming you’re happy with the IOC’s and they don’t pose a risk or a false positive.
The LMNTRIX XDR will then make the necessary change to your perimeter firewall(s) to stop the breach and shortly after Alexa will say “The threat has been mitigated and the incident updated”.
At this point you have managed to stop the breach and reduce any possible data exfiltration in progress while out at dinner with the family and without engaging anyone else from your security team – all using your voice.
You can repeat the process for any additional threats; ask any other questions or log out by saying “Alexa stop”.
Questions to ask LISA
You can ask LMNTRIX about your cybersecurity status, including a whole host of various details and information.
Once you’ve enabled the skill, say “Alexa ask LMNTRIX ….” Or “Alexa open LMNTRIX ….”, or simply ask your question while your LMNTRIX session is still open.
General Security Status Related Questions
Q1) What is my security status? Or What is my threat level?
Q2) Alexa, why is my security status Low/Medium/High?
Q3) What is my security posture?
Q4) Why is my security posture Low/Medium/High?
Q5) What is my executive/security summary? Or any of the below will produce the same response:
Alexa, what is my flash/morning briefing?
Give me my security report.
Give me a snapshot of my security.
What is going on with LMNTRIX?
Q6) What happened overnight? Or any of the below will produce the same response:
What happened in the past 24 hours?
Tell me about my security incidents from the past 24 hours?
Tell me about my recent incidents?
What’s new?
Q7) Can I have the security details? Or any of the below will produce the same response:
What are my open incidents?
Give me an incident summary.
Give me a summary of all my open incidents.
Can I have a summary of all my incidents.
Give me the headings of all my incidents.
Give me the name of all my incidents.
Incident Specific Questions
Q1) What are the details of incident # or number #? Or What is the incident summary for incident # or number #?
Q9) With regards to Incident #, What is it?
Q10) With regards to Incident #, Where is it?
Q11) With regards to Incident #, When did it get here? Or
When did we get hacked?
When did we get infected?
Q12) With regards to Incident #, How did it get here? Or
How did we get infected?
Q13) With regards to Incident #, How did we detect it? Or
How was it detected?
Q14) With regards to Incident #, What was the threat lifecycle?
Q15) With regards to Incident #, What are the Investigative Actions? Or
What are the recommendations?
What actions should we take?
Q16) With regards to Incident #, What was the detection method?
Q17) With regards to Incident #, What was the threat vector?
Incident Status Related Questions
Q1) Which current/open incidents are being investigated?
Q2) How many current incidents are being investigated?
Q3) How many current incidents are waiting for reply?
Q4) What is the status of all my/our open incidents?
Q5) What is my status and/or status summary?
Incident Priority Related Questions
Q1) What is the priority of my/our incidents?
Q2) What are my low/medium/high/urgent priority incidents?
Q3) How many of my open incidents have a low/medium/high/urgent priority? Or
How many high priority incidents do I/we have?
Incident Threat Lifecycle Related Questions
The cyber kill chain includes the following phases you can question: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, Actions on Objective.
The questions below use the Delivery phase as an example. You may replace “Delivery” with any of the seven kill chain phases above.
Q1) Which open/closed incidents have a Threat Lifecycle of Delivery?
Q2) Which incidents have a Threat Lifecycle of Delivery?
Q3) How many incidents (or open/closed incidents) were detected at the Delivery Threat Lifecycle? Or
How many incidents have a Delivery Threat Lifecycle?
How many incidents have a Threat Lifecycle of Delivery?
How many incidents were detected at the Delivery phase of the kill chain?
Incident Threat Vector Related Questions
The Mitre ATT&CK includes the following tactics you can question: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact.
The questions below use the Execution phase as an example. You may replace “Execution” with any of the 12 tactics above.
Q1) Which open/closed incidents have a Threat Vector of Execution?
Q2) How many incidents (or open/closed incidents) were detected at the Execution Threat Vector? Or
How many incidents have an Execution Threat Vector?
How many incidents have a Threat Vector of Execution?
How many incidents were detected at the Execution phase of the Mitre attack?
Incident Attack Type Related Questions
Attack Type options can be: Opportunistic, Targeted, Unknown
Q1) How many open incidents are Opportunistic/Targeted/Unknown? Or
How many open incidents have an attack type of Targeted?
Q2) Which open incidents are Opportunistic/Targeted/Unknown?
Incident Breach Validation Status Related Questions
Breach Validation Status options can be: Validated, False Positive, False Negative.
Q1) How many Validated incidents did I have today? (Or last week? Last month? To date?)
Incident Volume & Time Related Questions
Q1) How many incidents/tickets were closed/resolved for the month of June? (You may replace ‘June’ with any month)
Q2) How many incidents/tickets were closed this month?
Q3) How many tickets/incidents were closed last month?
Q4) How many tickets/incidents were closed this year?
Q5) How many tickets/incidents to date? Or
How many tickets/incidents so far?
How many tickets/incidents in total?
How many tickets/incidents in the system?
How many incidents have been detected in total?
Q6) What is the average time it took to close incidents this month/last month/to date?
Q7) Which incident has been open the longest?
Q8) How many incidents took more than 48 hours to close this month/last month/to date?
LISA being Funny
Q1) Alexa, am I (PCI DSS, ISO27001, ISO27017, ISO27018, ISO9001, GDPR, GLBA, ASD, DSD, IRAP, MTCS Tier 3, NIST, FIPS, FISMA, Fedramp, CSA, HIPAA, SOC, SOC2, SOC3) compliant/certified?
Q2) Alexa, who’s the best cybersecurity company in the world/galaxy?
Q3) Alexa, which MDR do other MDRs use for their own security?
Q4) Alexa, which actress does a SIEM remind you of?
Q5) Alexa, should I invest in a SIEM?
Q6) Who is the best cybersecurity practitioner in Europe?
Q7) Who is the best cybersecurity practitioner in the USA / United States ?
Q8) Who is the best cybersecurity practitioner in the world / galaxy / Australia?
US +1.888.958.4555
AU +61.288.805.198
UK +44.808.164.9442
SG +65.3129.2639
HK +852.580.885.33