How to use your free seedata.io account

Why do you need one? Where should you put your seeds? Who gets alerts?

All new tools and platforms come with a learning curve. Seemingly, lots of them also come with hoops to jump through and barriers to adoption that increase friction for any eager user who wants to see how good the service could be for them. We recognise this as a major headache for everybody involved, so we’ve deliberately done two things to combat it:

  1. Built an intuitive, easy-to-implement platform with plenty of guidance
  2. Provided a free-forever account that anybody can sign up for

This post will help you understand a couple of options for getting value from the free account, and signpost you to some more detailed explanations of how to configure it. As always, we’re available to help anytime at support@seedata.io.

What does the free account give?

Basically, everything that a paid account will give you, but with a one-off provision of credits to use rather than a recurring subscription.

You can use all features, and benefit from all analysis and integrations. You can add unlimited users and configure all the alert recipients you need. Plus, we give you 5 credits to use within the first month of signing up.

The credits do expire, so it’s a “use it or lose it” scenario, but the seeds you create with those credits, and our full monitoring, analysis and alerting services will be available forever.  

Where should you put your seeds?

Seeds are the deceptive assets that you deploy across your environment to force attackers into revealing themselves. We offer a wide range of seed types, to blend in with your existing assets. When choosing locations to deploy, consider the detection scenario you would most benefit from. For instance, are you looking for:

  • Intelligence on the attack traffic happening on your perimeter; or
  • Alerts on insider threat privilege misuse.

The following deployment scenarios could be considered quick wins for typical users of our platforms. 

Your DMZ

Use our honeypots in your DMZ (or our managed honeypots using just a DNS redirect) to get alerts on early reconnaissance activity against your internet-facing network.

Your CRM

Use our ‘person’ type seeds to represent customers in your CRM, and identify incidents of data theft and misuse by malicious insiders or third-party suppliers.

Your web applications

Use our seeded images or web pages within your existing web applications to detect attack sources and the techniques being used.

Your cloud platforms

Deploy our infrastructure seeds in your cloud hosting platforms to detect east-west lateral movements by attackers who have breached existing preventative controls.

Your file storage

Seeded documents deployed to your unstructured document repositories can help detect curious staff and malicious attackers snooping in places they should not be snooping.

Your code repositories

Use our webpages, images and credential type seeds in your private repositories to detect privilege abuse and misuse or misconfiguration incidents.

Where should you send alerts?

Alerts are the messages we deliver to inform you of an event against one of your seeds. We can send them to a wide range of platforms, or you can collect them from us using our APIs.

You should aim to receive alerts wherever the next step of your incident response process starts. Below are a few typical suggestions.

For many of you, this will be a SIEM or SOAR tool (Splunk, QRadar, etc.), or maybe a ticketing/service desk platform (Jira, ServiceNow, etc.). You may also want some human oversight, in a comms platform (email, Slack, etc.).

SIEM / SOAR / XDR

Technologies such as Splunk, CrowdStrike or Palo Alto analyse events and make complex decisions on automated responses.

Service desk

Platforms such as Jira or ServiceNow, where a ticket is used as the beginning of an incident review process.

Comms

Channels like email and Slack, where your wider processes may start with (or be supported by) human oversight.

Full instructions on how to enable all these features and scenarios are available on our docs site (https://docs.seedata.io).

If you’re time-limited, there’s a specific “Quick Start” guide here: https://docs.seedata.io/getting-started/quick-start. If you get stuck, or need something adding to our platform to help you get more value, contact us here: support@seedata.io

Sign up for your free account

All features enabled, no credit card needed, and free forever.