Key Concepts
This guide explains the key concepts and terminology used throughout Superna 5.x to help you understand the platform's capabilities and components.
Core Platform Components
| Term | Definition |
|---|---|
| Dashboard | Centralized monitoring interface showing security status, active threats, system health, and activity metrics with interactive widgets |
| Threat Detection | Machine learning-powered security engine that monitors for suspicious activities and potential attacks using behavioral analysis |
| Inventory | Device and asset management system that catalogs all protected storage systems, tracks licenses, and identifies coverage gaps |
| Jobs | Automated task execution system for scheduled or on-demand operations including device management and security scanning |
| Settings | Configuration management interface for platform-wide and feature-specific options including onboarding mode and notifications |
Security and Threat Detection
| Term | Definition |
|---|---|
| Active Threats | Current security incidents requiring attention, categorized by severity level (Critical, High, Medium, Low) |
| Behavioral Analysis | Machine learning system that learns normal environment patterns and alerts on deviations to catch zero-day threats |
| Baseline | Normal activity patterns established during the learning phase to identify anomalous behavior |
| Detection Types | Threat categories including Data Encryption, Suspicious Extension, Mass Delete, and other security indicators |
| Honeypot Activity | Interaction with decoy files serving as tripwires to detect unauthorized access attempts |
| Learned Thresholds | Dynamically adjusted detection parameters based on environment patterns, automatically tuned during onboarding |
| Lockout | Automatic user access restriction when suspicious activity is detected to prevent damage during active threats |
| Ransomware | Malicious software that encrypts data, detected through multiple patterns including encryption and file renaming |
| Security Guard | Automated security scanning system that monitors system health with percentage-based health indicators |
| Suspicious Extension | File operations with extensions associated with malware (e.g., .blacksuit, .locky, .encrypted) |
| Threat Severity Levels | Priority classification system: Critical (red), High (orange), Medium (yellow), Low (blue) |
System Management and Operations
| Term | Definition |
|---|---|
| Auditing Devices | Storage systems configured for security monitoring and data protection with comprehensive audit capabilities |
| API Tokens | Authentication credentials for programmatic access to platform features, enabling third-party integrations |
| Health Check | System monitoring that verifies proper operation of platform components with remediation actions |
| Job Status Types | Current state indicators for automated tasks: Queued, Running, Finished, Errors (with timestamps) |
| Job Types | Categories of automated tasks: Configuration, General, Threat Detection, Security Guard, Robo Audit |
| Onboarding Mode | Initial learning phase where the system establishes baseline behavior patterns with restricted features |
| Regular Mode | Full operational state with all security features enabled after sufficient data collection |
| Robo Audit | Automated self-test system for permissions and access patterns with continuous vulnerability scanning |
| Syslog | System logging protocol for collecting audit events from devices, critical for forensic analysis |
| Webhooks | HTTP callbacks for real-time event notifications to external systems enabling automated workflows |
| Workflows | Automated response procedures triggered by specific events with customizable sequences for handling incidents |
User Management and Access Control
| Term | Definition |
|---|---|
| Access Control | Role-based permission system controlling user capabilities with Admin and Viewer roles |
| Audit Logging | Tracking and recording of user activities within the platform for accountability and compliance |
| Team Management | Organizational structure for grouping users and managing access with scalable permission management |
Device Management
| Term | Definition |
|---|---|
| Device Services | Platform services managing communication with storage systems: Audit (Online) and Control (Online) |
| Managed Device | Storage system under Superna platform control and monitoring, added through the device addition wizard |
| Qumulo | Scale-out NAS storage platform supported by Superna 5.x, requiring IP address, credentials, and syslog configuration |
Data Protection and Recovery
| Term | Definition |
|---|---|
| Snapshots (Files) | Point-in-time copies of files used for data recovery, supported on VAST, Qumulo, PowerScale, Pure FB FA systems |
| Versioning (Objects) | Feature maintaining multiple versions of objects for recovery, supported on AWS, VAST, Pure FB, S3, Qumulo, PowerScale, ObjectScale |
Integration and Automation
| Term | Definition |
|---|---|
| Forensic Workflows | Established investigation procedures for systematic incident analysis and evidence collection |
| Query Management | Advanced search capabilities for finding specific events or patterns during forensic investigations |
| Remediation Actions | Automated or manual steps to resolve identified issues as part of the health check system |
Understanding the Platform
These concepts form the foundation of Superna 5.x. Familiarizing yourself with these terms will help you navigate the platform more effectively and make the most of its security and data management capabilities.