We use cookies to improve your experience. Do you accept?

Manage Custom Threat Indicators (IOCs) with CFTR version 2.1

Manage Custom Threat Indicators (IOCs) with CFTR version 2.1 - Featured Image

Indicators of Compromise (IoCs) May 1, 2020

What are Custom Threat Indicators?

  • Custom threat indicators are specialized patterns of relevant observable malicious activities that Incident Response Analysts can track to identify and manage threat intelligence as per their specific threat response needs.

  • These indicators are different from the standard indicators of compromise (IOCs) such as IP addresses, domain names, malicious URLs, and hashes.

  • Some examples of custom threat indicators include file names, file paths, running services, credit card numbers, IMEI numbers, registry keys, fully qualified file names (FQFN), services, criminal records, etc.

What is the need for Custom Threat Indicators?

  • During incident investigations , Incident Response Analysts come across several special indicators that they find necessary to document.

  • These indicators help analysts to interpret and handle malicious activity in their operational cyber domain.

  • For Example - If multiple endpoints display similar behavior for a service that is being executed from a specific file path, then Threat Response Analysts can leverage these custom indicators to gain more information about the threat activity.

  • Therefore, it is important for threat response platforms to be flexible to allow capturing and enrichment of these indicators.

Do Cyware’s platforms support Custom Threat Indicators?

The Cyware Fusion and Threat Response (CFTR) platform allows Incident Response Analysts to create their own custom threat indicators of compromise (IOCs) to meet the specific threat intelligence management needs of their organization.

  • Incident Response Admins : The platform allows Incident Response Admins to define custom indicators and indicator properties.
  • Incident Response Analysts : The platform allows Incident Response Analysts to capture these indicators and their attributes during the incident investigation and leverage them to connect the dots with different threats such as malware, vulnerabilities, threat actors, or past incidents.
  • SOC Managers: The capability also allows the SOC managers to gain more visibility into their organization’s threat profile by creating KPI and KRI reports for these indicators.
  • Custom Connectors : The platform allows for the creation of custom connectors via Cyware Security Orchestration Layer (CSOL) for the enrichment of these indicators from trusted sources.

An Added Advantage

The custom indicator capability allows threat response teams to mature their response operations by tracking, enriching, and connecting the dots between various threat elements and drawing enhanced contextual intelligence for enhanced threat response.

Related Blogs

Purple Arrows of Light

ROI of Cyber Fusion: Quantifying the Value of Threat Intelligence and Orchestration

Learn how to enhance cybersecurity with Cyber Fusion, streamlined threat intelligence, and orchestration. Break down siloes, improve SOC efficiency, and achieve cost-effective, proactive threat management.

Cyber FusionThreat IntelligenceSecurity OrchestrationCybersecurity ROI
Building Better Security: Bridging SOCs to Cyber Fusion Centers - Featured Image

Building Better Security: Bridging SOCs to Cyber Fusion Centers

In today's ever-evolving cybersecurity landscape, traditional Security Operations Centers (SOCs) are transforming into advanced Cyber Fusion Centers. This trans

Cyber Fusion and Threat ResponseCyber Fusion CenterSecurity Operations Center (SOC)SOAR
Cyware Recognized as One of the Hottest Privately Held Cybersecurity Companies by JMP Cyber 66 - Featured Image

Cyware Recognized as One of the Hottest Privately Held Cybersecurity Companies by JMP Cyber 66

Staying ahead of threats requires not just vigilance but also innovative solutions that adapt to emerging challenges. Cyware, a leading threat intelligence mana

artificial intelligenceThreat intelligenceArtificial Intelligence (AI)security orchestration automation and response
Threat Intelligence: The Evolution to Evidence-Based Action - Featured Image

Threat Intelligence: The Evolution to Evidence-Based Action

[Threat Intelligence](https://cyware.com/educational-guides/cyber-threat-intelligence) is designed for, and highly capable of delivering, enhanced security oper

Threat intelligenceTIPSOARCyber Fusion
6 Vulnerability Management Challenges (and How To Overcome Them) - Featured Image

6 Vulnerability Management Challenges (and How To Overcome Them)

Despite hardworking vulnerability management teams, unpatched vulnerabilities remain. A typical organization has _tens of thousands_ of open vulnerabilities—and

Continuous MonitoringSecurity Visibilityvulnerability managementCyber Fusion
The State of Vulnerability Management (and What Comes Next) - Featured Image

The State of Vulnerability Management (and What Comes Next)

Maintaining effective vulnerability management is like eating broccoli. Everybody knows it’s good for you… and yet, nobody wants to do it. The reasons why

Unpatched Vulnerabilitiesvulnerability managementCyber Fusion
Build Custom Threat Response Case Management Workflows with Cyware - Featured Image

Build Custom Threat Response Case Management Workflows with Cyware

Every security team has unique security requirements that drive their threat response workflows. We provide every such team the flexibility to build their own c

Use CaseMean-Time-to-Respond (MTTR)Threat VisibilityCyber Fusion
Don’t Miss Any Critical Task in Incident Response! Auto-Create Actions Now. - Featured Image

Don’t Miss Any Critical Task in Incident Response! Auto-Create Actions Now.

When an incident occurs, security teams create and define actions manually, which increases their [mean time to respond (MTTR)](https://cyware.com/educational-g

Cyware Fusion and Threat Response (CFTR)CFTRUse CaseAction library
Drive Automated Threat Response Strategy with Cyware's New Rule Engine - Featured Image

Drive Automated Threat Response Strategy with Cyware's New Rule Engine

Incident response teams spend a significant amount of their time performing routine tasks that delays threat response. In [CFTR](https://cyware.com/cyware-fusio

Use CaseRule EngineAutomationCyber Fusion
Cyware’s New Multi-Tenancy Dashboard Enables MSSPs to Gain Threat Visibility Across Customer Environments - Featured Image

Cyware’s New Multi-Tenancy Dashboard Enables MSSPs to Gain Threat Visibility Across Customer Environments

[Managed security service providers (MSSPs)](https://cyware.com/cyware-managed-security-service-providers-mssps) must have capabilities to support multiple tena

Use CaseIncident ManagementMSSP dashboardMSSP
Information Sharing for Incident Response Teams is Now Easy with Cyware’s Slack Integration - Featured Image

Information Sharing for Incident Response Teams is Now Easy with Cyware’s Slack Integration

With more security teams working remotely than ever before, team collaboration and communication often become patchy. In our latest release, we have integ

Slack IntegrationCyware Fusion and Threat Response (CFTR)CFTRUse Case
Discover a Smarter Way to Synchronize Data with Cyber Fusion Center - Featured Image

Discover a Smarter Way to Synchronize Data with Cyber Fusion Center

Security teams work through processes of several inter-connected workflows for threat detection, analysis, and response that requires continuous data collection

Use CaseData SyncCyware OrchestrateCyber Fusion