Similar Posts
False Positive vs. True Positive
The distinction between a false positive and a true positive hinges on a single question: Did the tool or rule do what it was designed to do?
True Positive
A true positive occurs when a rule fires correctly, in accordance with its defined logic and conditions. The detection behaved exactly as intended based on how…
Cloud Computing
https://aws.amazon.com/compliance/shared-responsibility-model
The Global Hunt (Tanium)
Goal: Use a “Fingerprint” (MD5 Hash) to see if a file is on any computer in the company. The “Checklist”
Cyber Analysis 101
To look for hashes in your environment, check devices using an enterprise EDR or a similar solution with visibility into each connected device. But first, it is recommended to research the hash via a reputation tool such as VirusTotal. To find IP addresses in your environment, use an enterprise SIEM solution…
Tanium — Tool Overview
What is Tanium? Tanium is an enterprise endpoint management and security platform that enables real-time visibility and control across every device in the environment. Unlike traditional security tools that rely on scheduled scans or passive data collection, Tanium queries endpoints directly and returns results in real time. For SOC analysts, this means the ability to…
Standard Endpoint Investigation
Objective: Determine the distribution of a specific file across the environment to establish a baseline for the investigation. Exercise Note: For this instructional walkthrough, a Standard Reference MD5 Hash is utilized. This allows the Analyst to practice the workflow using a known, high-incidence file to ensure the system and parameters are responding as expected. Step…