- Custom threat indicators are observable patterns of malicious activity, specific to an organization's environment, that Incident Response Analysts track to identify and manage threat intelligence according to their own threat response needs.
- These indicators differ from standard indicators of compromise (IOCs) such as IP addresses, domain names, malicious URLs, and file hashes.
- Examples of custom threat indicators include file names, file paths, fully qualified file names (FQFN), running services, registry keys, credit card numbers, IMEI numbers, criminal records, etc.
- During incident investigations, Incident Response Analysts come across special indicators that they need to document.
- These indicators help analysts interpret and handle malicious activity within their operational cyber domain.
- For example, if multiple endpoints show similar behavior for a service executed from the same file path, Threat Response Analysts can capture that service and file path as custom indicators and use them to gain more information about the threat activity.
- Therefore, threat response platforms must be flexible enough to allow these indicators to be captured and enriched.
- Incident Response Admins: The platform allows Incident Response Admins to define custom indicators and indicator properties.
- Incident Response Analysts: The platform allows Incident Response Analysts to capture these indicators and their attributes during the incident investigation and leverage them to connect the dots with different threats such as malware, vulnerabilities, threat actors, or past incidents.
- SOC Managers: The capability also allows SOC managers to gain more visibility into their organization's threat profile by creating key performance indicator (KPI) and key risk indicator (KRI) reports for these indicators.
- Custom Connectors: The platform allows for the creation of custom connectors via Cyware Security Orchestration Layer (CSOL) for the enrichment of these indicators from trusted sources.
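The scenario above (one service executed from the same file path on several endpoints) can be turned into correlation logic. The following is an added example, not Cyware's code or any CSOL connector: it defines a few custom indicator types with validation patterns (the "indicator properties" an admin would configure), then groups constructed endpoint telemetry by service and path and emits a custom indicator for every pair seen on at least `min_hosts` endpoints. The indicator type names, regexes, field names and telemetry records are all assumptions made for this example.

```python
"""Added example (not Cyware's code): deriving a custom threat indicator
from endpoint telemetry where one service runs from the same path on
several hosts. All indicator types, patterns and telemetry are constructed."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Custom indicator types an admin might define, each with a validation
# pattern acting as an indicator property. Names and regexes are assumptions.
INDICATOR_TYPES = {
    "file_path": re.compile(r"^(?:[A-Za-z]:\\|/).+$"),
    "registry_key": re.compile(r"^HK(?:LM|CU|CR|U|CC)\\.+$"),
    "service_name": re.compile(r"^[A-Za-z0-9_.-]{1,256}$"),
}


@dataclass
class CustomIndicator:
    """One captured custom indicator plus the hosts it was observed on."""
    itype: str
    value: str
    hosts: set = field(default_factory=set)
    properties: dict = field(default_factory=dict)

    def __post_init__(self):
        # Reject values that do not fit the admin-defined type, so that
        # analysts cannot record a registry key under the file_path type.
        pattern = INDICATOR_TYPES.get(self.itype)
        if pattern is None:
            raise ValueError(f"unknown indicator type: {self.itype}")
        if not pattern.match(self.value):
            raise ValueError(f"value does not fit {self.itype}: {self.value!r}")


# Constructed telemetry: one record per running service observed on a host.
TELEMETRY = [
    {"host": "ws-01", "service": "UpdSvc", "path": r"C:\Users\Public\updsvc.exe"},
    {"host": "ws-02", "service": "UpdSvc", "path": r"C:\Users\Public\updsvc.exe"},
    {"host": "ws-03", "service": "UpdSvc", "path": r"C:\Users\Public\updsvc.exe"},
    {"host": "ws-04", "service": "wuauserv", "path": r"C:\Windows\System32\svchost.exe"},
    {"host": "ws-05", "service": "wuauserv", "path": r"C:\Windows\System32\svchost.exe"},
    {"host": "ws-06", "service": "Spooler", "path": r"C:\Windows\System32\spoolsv.exe"},
]


def correlate_services(events, min_hosts=2, allowlist=frozenset()):
    """Return a file_path indicator for every (service, path) pair seen on
    at least min_hosts distinct endpoints. Paths in the allowlist (known
    system binaries that legitimately run everywhere) are skipped, since
    without that baseline every common service would be flagged."""
    allowed = {p.lower() for p in allowlist}
    seen = defaultdict(set)
    for ev in events:
        # Case-fold the path so Windows paths differing only in case collapse.
        seen[(ev["service"], ev["path"].lower())].add(ev["host"])

    indicators = []
    for (service, path), hosts in seen.items():
        if path in allowed or len(hosts) < min_hosts:
            continue
        indicators.append(CustomIndicator(
            "file_path", path, set(hosts),
            {"service": service, "host_count": len(hosts)},
        ))
    return indicators


if __name__ == "__main__":
    for ind in correlate_services(
        TELEMETRY, allowlist={r"C:\Windows\System32\svchost.exe"}
    ):
        print(ind.itype, ind.value, sorted(ind.hosts), ind.properties)
```

Run as-is, only the `UpdSvc` service running from `C:\Users\Public\updsvc.exe` on three hosts is emitted; `wuauserv` also appears on two hosts but is dropped by the allowlist. The allowlist or an equivalent baseline is the important part: a "same service, same path, many hosts" rule fires on every standard system service unless expected paths are excluded first.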
Posted on: May 01, 2020