Security teams face many alerts from their endpoint protection solution. The alerts can be on a specific file, a hash, or the endpoint itself. The teams lack context on these alerts: Do they indicate a real incident or not? What is the risk and the impact? How should they respond? Using Intezer's technology, analysts can gain additional, unique information about an alert, such as malware family, threat actor, similarities to other known malware, and more. This information helps not only in reaching a malicious verdict but also provides much more context for accelerating and tailoring incident response.

This app provides three actions that can be used in Splunk SOAR (Phantom):

- File Reputation - Analyze a hash with Intezer Analyze.
- Get Report - Get the analysis report by analysis ID.
- Detonate File - Analyze a file with Intezer Analyze.

Analyze a hash with Intezer Analyze

Input:

The returned report includes:

- File verdict - Indicates the verdict of the Intezer Analyze file analysis, which is based on code reuse and other artifacts. The verdict indicates whether a file is malicious, trusted, unknown or suspicious.
- Malware Family - Specifies the classification of the file based on the code reuse findings (e.g. WannaCry, Lazarus, Magic Hound, zlib).

Get the analysis report by analysis ID

Input:

To run an action, choose the Intezer Analyze app and select the relevant action from the list.
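The following is an added example of how a Splunk SOAR playbook might drive the three actions above and act on the verdict; it is not the Intezer app's own code. The HTTP layer is replaced by an injectable `transport` callable so it runs offline, and the request and response shapes it assumes (`result_url`, `status`, `result.verdict`, `result.family_name`, a 404 for a hash Intezer has never seen) are modelled on Intezer Analyze's public REST API rather than taken from this page. The corpus and hashes are constructed for the demonstration. The verdict strings are the four the page lists.

```python
"""Triage helper around File Reputation, Get Report and Detonate File.
Added example, not the Intezer app's code. Transport shape is an assumption
modelled on Intezer Analyze's REST API; sample data below is constructed."""
import hashlib
import re
import time

HEX_HASH = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")  # MD5 / SHA-1 / SHA-256
KNOWN_VERDICTS = ("malicious", "suspicious", "unknown", "trusted")  # the four verdicts the page lists


class IntezerActions:
    """transport(method, path, json_body) -> (http_status, json_dict). Inject a real client in a playbook."""

    def __init__(self, transport, poll_interval=0.0, max_polls=20):
        self.transport = transport
        self.poll_interval = poll_interval
        self.max_polls = max_polls

    def file_reputation(self, file_hash):
        """Analyze a hash. A malformed indicator fails loudly instead of
        quietly becoming an 'unknown' verdict that a playbook might then close."""
        h = file_hash.strip().lower()
        if not HEX_HASH.match(h):
            raise ValueError("hash must be MD5, SHA-1 or SHA-256 hex: %r" % file_hash)
        status, body = self.transport("POST", "/analyze-by-hash", {"hash": h})
        if status == 404:  # assumption: the service has never seen this hash
            return {"analysis_id": None, "verdict": "unknown", "family_name": None}
        return self.get_report(body["result_url"].rsplit("/", 1)[-1])

    def detonate_file(self, filename, content):
        """Analyze file content (bytes) and return the finished report."""
        _, body = self.transport("POST", "/analyze", {"filename": filename, "content": content})
        return self.get_report(body["result_url"].rsplit("/", 1)[-1])

    def get_report(self, analysis_id):
        """Fetch the report by analysis ID, polling until the analysis completes."""
        for _ in range(self.max_polls):
            _, body = self.transport("GET", "/analyses/%s" % analysis_id, None)
            if body.get("status") == "succeeded":
                result = body.get("result", {})
                verdict = result.get("verdict", "unknown")
                if verdict not in KNOWN_VERDICTS:
                    raise ValueError("unexpected verdict %r for %s" % (verdict, analysis_id))
                return {"analysis_id": analysis_id, "verdict": verdict,
                        "family_name": result.get("family_name")}
            if body.get("status") == "failed":
                raise RuntimeError("analysis %s failed" % analysis_id)
            time.sleep(self.poll_interval)
        raise TimeoutError("analysis %s did not finish in time" % analysis_id)


def triage(report, file_available):
    """Decide the playbook's next step. Only 'malicious' escalates on the hash
    alone; 'unknown' means the hash was never seen, so when the file itself is
    in hand it should be detonated rather than closed as benign."""
    verdict = report["verdict"]
    if verdict == "malicious":
        return {"severity": "high", "next": "escalate", "family": report["family_name"]}
    if verdict in ("suspicious", "unknown"):
        return {"severity": "medium" if verdict == "suspicious" else "low",
                "next": "detonate" if file_available else "analyst_review"}
    return {"severity": "info", "next": "close"}  # trusted


# Constructed offline stand-in for the service (no real malware hashes).
MALICIOUS_SHA256 = hashlib.sha256(b"constructed-malicious-sample").hexdigest()
CONSTRUCTED_CORPUS = {
    MALICIOUS_SHA256: ("malicious", "WannaCry"),
    "b" * 40: ("trusted", None),
}


class FakeTransport:
    """Mimics the assumed API; every analysis reports in_progress once before
    succeeding, so the polling loop in get_report is actually exercised."""

    def __init__(self, corpus):
        self.corpus = corpus
        self.analyses = {}  # analysis_id -> [polls_left, verdict, family]

    def __call__(self, method, path, body):
        if path == "/analyze-by-hash":
            if body["hash"] not in self.corpus:
                return 404, {"error": "hash not found"}
            return 201, {"result_url": self._start(*self.corpus[body["hash"]])}
        if path == "/analyze":
            digest = hashlib.sha256(body["content"]).hexdigest()
            return 201, {"result_url": self._start(*self.corpus.get(digest, ("unknown", None)))}
        entry = self.analyses[path.rsplit("/", 1)[-1]]
        if entry[0] > 0:
            entry[0] -= 1
            return 200, {"status": "in_progress"}
        return 200, {"status": "succeeded", "result": {"verdict": entry[1], "family_name": entry[2]}}

    def _start(self, verdict, family):
        analysis_id = "an-%d" % (len(self.analyses) + 1)
        self.analyses[analysis_id] = [1, verdict, family]
        return "/analyses/" + analysis_id


if __name__ == "__main__":
    client = IntezerActions(FakeTransport(CONSTRUCTED_CORPUS))
    for h in (MALICIOUS_SHA256, "b" * 40, "f" * 64):
        report = client.file_reputation(h)
        print(h[:12], report["verdict"], report["family_name"], triage(report, file_available=True))
```

In a real playbook the `transport` would wrap the app's authenticated HTTP client; the point of the example is the decision logic: the hash lookup alone can only close a case on a trusted verdict, while unknown and suspicious results should feed the Detonate File action when the sample is available.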