Threat hunting is the process of searching your network for known malicious actors with the help of threat intelligence feeds. Threat intelligence feeds provide structured and contextual information about malicious IPs, domains, URLs, hashes, Indicators of Compromise (IoCs), Indicators of Attack (IoAs), and Tactics, Techniques, and Procedures (TTPs) of attackers.
When your system falls victim to a malware attack, multiple malicious files can be installed on it. These files conceal their presence and carry out undesirable actions on your systems until they are discovered.
Such files are often placed in directories that make them look legitimate, such as a temp file in C:\Users\{User_name}\AppData\Local. These malware files can track user activity, record keystrokes and capture the screen to obtain sensitive and valuable information.
If you suspect that malicious files are present on your system, you can simply compare the MD5 hash values of the suspected files with the list of malicious MD5 hash values provided by a reliable threat intelligence feed.
All the above information can help IT security teams obtain an overview of the targeted attack.
Once you identify files with malicious MD5 hash values, you have to analyze your network logs to discover all the activities carried out by these files. Your network logs can give you information about the following:
The above information can help IT security teams ascertain the overall damage caused by these files in your network. Manually searching for these IoCs across your network is tedious, and you may not be able to identify and terminate every process initiated by these files in time to prevent an attack. A security information and event management (SIEM) solution can accurately identify IoCs and correlate all activity happening across your network to give you insight into an incident or attack.
Log360 is a SIEM solution that collects, parses and correlates logs from all network devices. It analyzes the logs and provides comprehensive, intuitive reports about all network activity. It can identify malicious IPs communicating with your network with the help of threat intelligence feeds sourced via STIX/TAXII and from trusted platforms like AlienVault OTX. Log360 can spot deviant and anomalous activity in your network and raise real-time alerts to notify IT security admins via SMS and email of a targeted attack.
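The two steps described above, hashing suspected files against a feed of malicious MD5 values and then pivoting from the matched files to their activity in the logs, as an added Python example that is not part of the original article or of Log360. The feed entry, the sample file contents and the log lines are all constructed placeholders, and the log format is an assumed process-creation/network-connection style, not any specific product's.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed placeholder feed: a real hunt loads these from a threat-intel feed.
# The one entry is the MD5 of a constructed sample so the example runs offline.
SAMPLE_MALICIOUS_BYTES = b"CONSTRUCTED-SAMPLE-NOT-REAL-MALWARE"
MALICIOUS_MD5 = {hashlib.md5(SAMPLE_MALICIOUS_BYTES).hexdigest()}
# Constructed process/network log lines, not captured from a real system.
SAMPLE_LOGS = [
    "2024-01-01T10:00:01 ProcessCreate Image=C:\\Users\\alice\\AppData\\Local\\Temp\\svchost32.exe PID=4120",
    "2024-01-01T10:00:05 NetworkConnect PID=4120 Dest=203.0.113.7:443",
    "2024-01-01T10:01:00 ProcessCreate Image=C:\\Windows\\notepad.exe PID=4300",
]

def md5_of_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def hunt_directory(root, feed):
    """Return {path: md5} for every file under root whose MD5 is in the feed."""
    hits = {}
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        try:
            digest = md5_of_file(path)
        except OSError:
            continue  # locked or unreadable file: skip it, do not abort the hunt
        if digest in feed:
            hits[str(path)] = digest
    return hits

def activity_for(hits, log_lines):
    """Pivot from matched files to the log: PIDs launched from a matched file name, then every line for those PIDs."""
    names = {Path(p).name.lower() for p in hits}
    pids = {line.split("PID=")[1].split()[0] for line in log_lines
            if "ProcessCreate" in line and any(n in line.lower() for n in names)}
    return [line for line in log_lines if any(f"PID={p}" in line for p in pids)]

def demo():
    """Constructed hunt: a temp tree with one file matching the feed and one not."""
    with tempfile.TemporaryDirectory() as root:
        bad_dir = Path(root, "AppData", "Local", "Temp")
        bad_dir.mkdir(parents=True)
        (bad_dir / "svchost32.exe").write_bytes(SAMPLE_MALICIOUS_BYTES)
        Path(root, "notes.txt").write_bytes(b"harmless")
        hits = hunt_directory(root, MALICIOUS_MD5)
        return hits, activity_for(hits, SAMPLE_LOGS)
```

Running `demo()` returns the single matching file with its hash, followed by the two log lines belonging to the process launched from it; the notepad.exe line is left out because its PID never traces back to a matched file.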
Check out Log360's features to see how it can help you stay ahead of cyber attackers.
Zoho Corporation Pvt. Ltd. All rights reserved.