- An EDR tool ingested an alert into Siemplify regarding suspicious file activity on an employee’s computer. The EDR marked the case as suspicious because the file was communicating with an external IP.
HASH: 46930EC6D7DDF5FC7DC7E08FE5EC4BF6
IP: 91.195.240.87
- After conducting an investigation, an analyst classified this incident as Malware Beaconing C&C. The IP and hash were marked as suspicious in the company’s Siemplify environment.
- The Siemplify playbook sends the external alert entities (IP, file hash) to ThreatFuse for evaluation. The action returned the following results:
91.195.240.87 – was not enriched in ThreatFuse
46930ec6d7ddf5fc7dc7e08fe5ec4bf6 – was not enriched in ThreatFuse
IP and Hash were submitted to ThreatFuse.