1. An EDR tool ingested an alert into Siemplify about suspicious file activity on an employee's computer. The EDR marked the case as suspicious because the file was communicating with an external IP.
    HASH: 46930EC6D7DDF5FC7DC7E08FE5EC4BF6
    IP: 91.195.240.87
  2. After conducting an investigation, the analyst classified this incident as Malware Beaconing C&C. The IP and hash were marked as suspicious in the company's Siemplify environment.
  3. The Siemplify playbook sends the external alert entities (IP, file hash) to ThreatFuse for evaluation. The action returned the following results:
    91.195.240.87 – was not enriched in ThreatFuse
    46930ec6d7ddf5fc7dc7e08fe5ec4bf6 – was not enriched in ThreatFuse
    As neither indicator was enriched, the IP and hash were then submitted to ThreatFuse.
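
The enrich-or-submit flow in steps 1 to 3 above, as an added Python example that is not Siemplify, ThreatFuse or playbook code from this page. The ThreatFuse client is a hypothetical in-memory stand-in (`ThreatFuseStub`) so the logic runs offline; the two indicator values are the ones quoted in the alert, while the function names, the `classification`/`confidence` fields and the `source` tag are assumptions. Two practitioner details the steps leave implicit are built in: the MD5 is lower-cased before lookup (the alert carries it in upper case, the ThreatFuse result in lower case), and only globally routable IPs are sent, so an internal address that slips into the entity list is never published to the threat-intel platform.

```python
"""Enrich-or-submit flow modelled on the Siemplify/ThreatFuse use case.

Added illustration, not vendor code: ThreatFuseStub is a hypothetical
in-memory stand-in for the enrichment/submission API. Alert values are
the MD5 and IP quoted on the page; all other names/fields are assumed.
"""
import ipaddress
import re
from dataclasses import dataclass, field

MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def normalize_indicator(value: str):
    """Return (itype, canonical value) or None if value is neither an IP nor an MD5.

    Hashes are lower-cased before lookup: a case-sensitive store would
    otherwise miss a hit on the upper-case MD5 carried by the EDR alert.
    """
    v = value.strip().rstrip(".")  # tolerate a trailing period from copy/paste
    try:
        return "ip", str(ipaddress.ip_address(v))
    except ValueError:
        pass
    if MD5_RE.match(v.lower()):
        return "md5", v.lower()
    return None


@dataclass
class ThreatFuseStub:
    """Hypothetical stand-in for ThreatFuse enrichment and submission."""
    indicators: dict = field(default_factory=dict)

    def enrich(self, itype, value):
        # None means "was not enriched", as in the action output on the page
        return self.indicators.get((itype, value))

    def submit(self, itype, value, classification, confidence):
        self.indicators[(itype, value)] = {
            "classification": classification,
            "confidence": confidence,
            "source": "siemplify-playbook",  # assumed provenance tag
        }


def evaluate_entities(entities, tf, classification="Malware Beaconing C&C", confidence=70):
    """Look each alert entity up in ThreatFuse; submit the ones not enriched.

    Returns {canonical value: outcome}, mirroring the playbook action output.
    Internal (non-global) IPs and unparseable values are skipped, never submitted.
    """
    results = {}
    for raw in entities:
        norm = normalize_indicator(raw)
        if norm is None:
            results[raw] = "skipped (not an IP or MD5)"
            continue
        itype, value = norm
        if itype == "ip" and not ipaddress.ip_address(value).is_global:
            results[value] = "skipped (internal address, not an external entity)"
            continue
        hit = tf.enrich(itype, value)
        if hit:
            results[value] = f"enriched ({hit['classification']}, confidence {hit['confidence']})"
        else:
            tf.submit(itype, value, classification, confidence)
            results[value] = "not enriched, submitted"
    return results


if __name__ == "__main__":
    tf = ThreatFuseStub()
    alert_entities = ["46930EC6D7DDF5FC7DC7E08FE5EC4BF6", "91.195.240.87."]
    for k, v in evaluate_entities(alert_entities, tf).items():
        print(f"{k} - {v}")
    # A second run of the same playbook now finds both indicators enriched.
    for k, v in evaluate_entities(alert_entities, tf).items():
        print(f"{k} - {v}")
```

The first pass reports both indicators as "not enriched, submitted"; the second pass, run after the submission, reports them as enriched with the analyst's classification. In a real playbook the classification and confidence would come from the case (step 2), not from a default argument.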
