- The EDR tool ingested an alert into Siemplify about suspicious file activity on an employee's computer. The EDR flagged the case as suspicious because the file was communicating with an external IP.
- After investigating, an analyst classified the incident as Malware Beaconing (C&C). The IP and the file hash were marked as suspicious in the company's Siemplify environment.
- The Siemplify playbook sends the alert's external entities (IP, file hash) to ThreatFuse for evaluation. The action returned the following results:
188.8.131.52 – was not enriched in ThreatFuse
46930ec6d7ddf5fc7dc7e08fe5ec4bf6 – was not enriched in ThreatFuse
- Since ThreatFuse held no existing intelligence on either indicator, the IP and hash were submitted to ThreatFuse as new indicators, so that they are available for enrichment on future alerts.
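The playbook logic described above (look each entity up in the threat-intelligence platform; if it comes back without enrichment, submit it with the analyst's verdict) can be written as a small triage routine. The following is an added example, not code from this page or from the Siemplify/ThreatFuse integration: the `FakeTIP` class is a constructed in-memory stand-in for the platform, and its `lookup`/`submit` methods are assumptions, not the ThreatFuse API. It also goes slightly beyond the page by validating entity types first (public IPv4/IPv6, MD5/SHA-1/SHA-256) so that private addresses and malformed hashes are never sent to the TIP.

```python
import ipaddress
import re
from typing import Dict, List, Optional, Sequence, Tuple

# Constructed sample: the two entities from the alert above.
ALERT_ENTITIES = ["188.8.131.52", "46930ec6d7ddf5fc7dc7e08fe5ec4bf6"]

# Hash formats a TIP will normally accept (hex digests of fixed length).
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def entity_type(value: str) -> Optional[str]:
    """Return 'ip', 'md5', 'sha1', 'sha256', or None if the value should not be sent.

    Private, loopback, link-local and multicast addresses are rejected: looking
    them up in a TIP only produces noise, and submitting them pollutes the feed.
    """
    v = value.strip()
    try:
        ip = ipaddress.ip_address(v)
    except ValueError:
        ip = None
    if ip is not None:
        if ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast:
            return None
        return "ip"
    if HEX_RE.match(v) and len(v) in HASH_TYPES:
        return HASH_TYPES[len(v)]
    return None


class FakeTIP:
    """In-memory stand-in for a threat-intelligence platform.

    Constructed for this example only; lookup()/submit() are hypothetical and
    do not reflect the real ThreatFuse API.
    """

    def __init__(self, known: Optional[Dict[str, Dict]] = None) -> None:
        self.known: Dict[str, Dict] = dict(known or {})
        self.submitted: List[Tuple[str, str, Tuple[str, ...]]] = []

    def lookup(self, value: str) -> Optional[Dict]:
        return self.known.get(value)

    def submit(self, value: str, etype: str, tags: Sequence[str]) -> None:
        self.submitted.append((value, etype, tuple(tags)))
        # Once submitted, the indicator is known and will enrich future lookups.
        self.known[value] = {"source": "analyst", "type": etype, "tags": list(tags)}


def triage_entities(entities: Sequence[str], tip: FakeTIP,
                    tags: Sequence[str] = ("malware_beaconing", "c2")) -> List[Dict]:
    """Look every entity up; submit the ones the TIP has no intelligence on.

    Returns one record per entity with the action taken, which a playbook can
    write back to the case wall.
    """
    report: List[Dict] = []
    for raw in entities:
        etype = entity_type(raw)
        if etype is None:
            report.append({"entity": raw, "type": None, "action": "skipped"})
            continue
        # Hashes are normalised to lowercase so lookups are case-insensitive.
        key = raw.strip() if etype == "ip" else raw.strip().lower()
        hit = tip.lookup(key)
        if hit:
            report.append({"entity": key, "type": etype, "action": "enriched", "data": hit})
        else:
            tip.submit(key, etype, tags)
            report.append({"entity": key, "type": etype, "action": "submitted"})
    return report


if __name__ == "__main__":
    tip = FakeTIP()  # empty TIP: neither indicator is known, both get submitted
    for rec in triage_entities(ALERT_ENTITIES, tip):
        print(rec)
```

Running it against an empty platform reproduces the page's outcome (both indicators come back without enrichment and are submitted); seeding `FakeTIP` with an entry for the IP shows the other branch, where the IP is enriched and only the hash is submitted.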