Similar Posts
The Global Hunt (Tanium)
Goal: Use a “Fingerprint” (MD5 Hash) to see if a file is on any computer in the company. The “Checklist”
The Architects of Thought: Babbage, Lovelace, and the Birth of Computing
Introduction Long before the first transistor or the first line of code, the blueprint for the digital age was etched into brass gears and Victorian imagination. At New World Intelligence, we look forward—but to understand where technology is going, we must look back at the duo who first realized that machines could do more than…
Axonius — Tool Overview
What is Axonius? Axonius is a Cyber Asset Attack Surface Management (CAASM) platform that aggregates and correlates device and user data from across the organization’s existing security and IT tools. Rather than replacing existing tools, Axonius continuously normalizes, deduplicates, and enriches aggregated asset data to provide a complete and accurate picture of the entire technology…
Cyber Analysis 101
To look for hashes in your environment, you should check devices using an enterprise EDR or a similar solution with visibility into each connected device. But first, it is recommended to research the hash via a reputation tool such as VirusTotal – Home. To find IP addresses in your environment, use an enterprise SIEM solution…
Endpoint Analysis 101
Endpoint Analysis & Asset Investigation — L1 SOC Analyst Guide Overview This guide covers the initial steps for investigating endpoint alerts for the L1 Analyst onboarding. The focus is on determining whether a known malicious hash exists in the environment and identifying the affected device and its user. By the end of this section you…
The Triple Punch
Standard Endpoint Investigation Workflow
Objective: To determine if a file is safe or malicious, find out who has it, and confirm if security controls (Antivirus) took action.
Punch 1: The Inventory Hunt (Scope & Presence)
Punch 2: The Reputation Check (Global Intel)
Punch 3: The Log Audit (Security Action)
Investigation Summary Checklist