Share Blog Post
- Cyware Threat Intelligence eXchange (CTIX)
- Cyware Fusion and Threat Response (CFTR)
- Cyware Situational Awareness Platform (CSAP)
- Enrichment Tools
- Vulnerability Management Solution
- Quarantine compromised assets through possible solutions (AV/EDR)
- Kill malicious process(es) running on the compromised endpoints (EDR)
- Enrich unknown hashes found through EDR associated/connecting with known IOCs/IOAs
- Add identified IOCs/IOAs to the SIEM Reference list for future detections.
- Block the indicators on the respective solution(s) as per the type of the indicator i.e. Domain/URL on Proxy, IP on Firewall, hashes on AV/EDR, and others.
- Add any newly identified indicators to CTIX/TIP
- Deploy the Yara signatures on IPS/IDS devices.
- Run a malware hunt on EDR technology to identify compromised assets.
- Run a search query on SIEM for other log traces of compromise.
- Take a snapshot/memory dump of the endpoint.
- Create Incidents/Requests for compromised assets for Digital Forensics and Incident Response.
- Notify appropriate stakeholders with Incident details and suggested actions via CSAP and/or Email.
- Search assets with identified Vulnerabilities using Vulnerability Management System (VMS).
- Create priority patching requests for assets with identified Vulnerability (VMS).
Posted on: January 04, 2021
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.
Explore Industry Briefs
Cyware for Enterprise
Adopt next-gen security with threat intelligence analysis, security automation...
Cyware for ISACs/ISAOs
Anticipate, prevent, and respond to threats through bi-directional threat in...