Standardized Threat Indicators Tenable Formatted Indicator Export Adversary Analysis (Pivoting) Private and Community Incident Correlation ThreatConnect.

Presentation transcript:

Standardized Threat Indicators Tenable Formatted Indicator Export Adversary Analysis (Pivoting) Private and Community Incident Correlation ThreatConnect Intelligence Research Team (TCIRT) Community Notifications

Slide Sections
Using Address Indicators with SecurityCenter
Using File Indicators with SecurityCenter
Using Host Indicators with SecurityCenter
Using URL Indicators with SecurityCenter
Using File Indicators with Nessus

Using Address Indicators with SecurityCenter
Step 1 – Export Address Indicators Using Tenable Format
Step 2 – Create a Watchlist from Address Indicators
Step 3 – Filter Events by Watchlist
Step 4 – (Optional) Create Query for 3D Tool
Step 5 – Save Asset List of All Addresses
Step 6 – Perform Audit Analysis Using Asset List
Step 7 – Perform Event Analysis Using Asset List
Step 8 – (Optional) Create List of Internal Addresses
Step 9 – (Optional) Nessus Audit of Internal Addresses

Step 1 – Export Address Indicators Using Tenable Format

Step 2 – Create a Watchlist from Address Indicators

Step 3 – Filter Events by Watchlist
Filter inbound or outbound events by the watchlist.
If there aren't any events after applying the filters, there's no need to continue with further steps.

Step 4 – (Optional) Create Query for 3D Tool

Step 5 – Save Asset List of All Addresses

Step 6 – Perform Audit Analysis Using Asset List
Recommended Reading – Predicting Attack Paths

Step 7 – Perform Event Analysis Using Asset List
Recommended Reading – Tenable Event Correlation

Step 8 – (Optional) Create List of Internal Addresses Only

Step 9 – (Optional) Nessus Audit of Internal Addresses
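The address-indicator workflow above (Step 3 watchlist filtering with inbound/outbound direction, Step 5 asset list of all addresses, Step 8 internal-only list) as an added Python example that is not part of the original slides; the watchlist addresses, event tuples and the RFC 1918 definition of "internal" are constructed assumptions:

```python
import ipaddress

# Constructed watchlist of address indicators (hypothetical, not real IoCs)
WATCHLIST = {"203.0.113.10", "198.51.100.77"}

# Constructed events: (source address, destination address, event type)
EVENTS = [
    ("10.0.5.21", "203.0.113.10", "web-access"),
    ("203.0.113.10", "10.0.5.40", "ssh-login"),
    ("10.0.5.21", "93.184.216.34", "web-access"),
    ("172.16.9.8", "198.51.100.77", "dns-query"),
    ("192.0.2.55", "203.0.113.10", "web-access"),
]

# Assumption: "internal" means the RFC 1918 private ranges. This is spelled out
# explicitly rather than using ipaddress.is_private, which also flags the
# documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def filter_events_by_watchlist(events, watchlist):
    """Step 3: keep events that touch a watchlist address, tagged by direction.

    inbound  = the watchlist address is the source (it reached one of our hosts)
    outbound = the watchlist address is the destination (one of our hosts reached out)
    """
    matched = []
    for src, dst, name in events:
        if src in watchlist:
            matched.append(("inbound", src, dst, name))
        elif dst in watchlist:
            matched.append(("outbound", src, dst, name))
    return matched


def asset_list_from_events(matched):
    """Step 5: every address seen in a matching event, indicator addresses included."""
    return sorted({addr for _, src, dst, _ in matched for addr in (src, dst)})


def internal_only(addresses):
    """Step 8: reduce the asset list to internal (RFC 1918) addresses for a Nessus audit."""
    return [a for a in addresses if any(ipaddress.ip_address(a) in net for net in RFC1918)]


if __name__ == "__main__":
    hits = filter_events_by_watchlist(EVENTS, WATCHLIST)
    assets = asset_list_from_events(hits)
    print(hits, assets, internal_only(assets), sep="\n")
```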

Using File Indicators with SecurityCenter
Step 1 – Export Hashes Using Tenable Format
Step 2 – Upload Hashes to Scan Policy
Step 3 – Perform a Scan Using Credentials
Step 4 – Review Scan Results
Step 5 – Save Asset List of Infected Hosts
Step 6 – Perform Audit Analysis Using Asset List
Step 7 – Perform Event Analysis Using Asset List
Step 8 – (Optional) Use Asset List with 3D Tool

Step 1 – Export Hashes Using Tenable Format

Step 2 – Upload Hashes to Scan Policy
Recommended Reading – Malware Detection and Forensics Scan Configuration

Step 3 – Perform a Scan Using Credentials
Recommended Reading – Nessus Credential Checks for UNIX and Windows

Step 4 – Review Scan Results
If there aren't any infected hosts, there's no need to continue with further steps.

Step 5 – Save Asset List of Infected Hosts

Step 6 – Perform Audit Analysis Using Asset List
Recommended Reading – Predicting Attack Paths

Step 7 – Perform Event Analysis Using Asset List
Recommended Reading – Tenable Event Correlation

Step 8 – (Optional) Use Asset List with 3D Tool

Using Host Indicators with SecurityCenter
Step 1 – Filter Events by Host
Step 2 – Perform Further Analysis
Recommended Reading – Using Log Correlation Engine to Monitor DNS

Step 1 – Filter Events by Host

Step 2 – Perform Further Analysis
See the Using ThreatConnect Address Indicators slides, steps 5 through 9, if events are found after applying the filters.
Filtering by the domain summary event before saving the asset list will give you a list of only those hosts that performed a DNS lookup for the host indicator.

Using URL Indicators with SecurityCenter
Step 1 – Divide Host and Location from URL
Step 2 – Filter Events by Host
Step 3 – Save Asset List
Step 4 – Filter Events by Location
Step 5 – Perform Further Analysis

Step 1 – Divide Host and Location from URL

Step 2 – Filter Events by Host
Use the Host in the Syslog Text filter.
Use web-access in the Type filter.
If there aren't any events after applying the filters, there's no need to continue with further steps.

Step 3 – Save Asset List

Step 4 – Filter Events by Location
Use the Location in the Syslog Text filter.
Use the Asset List in the Source Asset filter.
If there aren't any events after applying the filters, there's no need to continue with further steps.

Step 5 – Perform Further Analysis
See the Using ThreatConnect Address Indicators slides, steps 5 through 9, if events are found after applying the filters.
We will be creating a second and final asset list to use for further analysis.
Verify the URL is matched correctly by looking at the web-access details in Step 4.
Steps 1 through 4 perform an intersection of the host match and the location match; however, it's by host, not by individual request.
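The URL-indicator workflow (Step 1 splitting the URL into host and location, Steps 2 and 3 filtering by host into an asset list, Step 4 filtering by location within that asset list, and the Step 5 caveat that the intersection is per host) as an added Python example that is not from the original slides; the URL indicator, the web-access event lines and the function names are constructed assumptions:

```python
from urllib.parse import urlsplit

# Constructed URL indicator (hypothetical, not a real IoC)
URL_INDICATOR = "http://bad.example/path/dropper.php?id=7"

# Constructed web-access events: (source asset address, syslog text)
EVENTS = [
    ("10.0.5.21", "GET http://bad.example/path/dropper.php?id=7 200"),
    ("10.0.5.40", "GET http://bad.example/ 200"),
    ("10.0.5.40", "GET http://good.example/path/dropper.php?id=7 200"),
    ("10.0.5.77", "GET http://other.example/path/dropper.php?id=7 200"),
]


def divide_url(url):
    """Step 1: split the indicator into its host and its location (path plus query)."""
    parts = urlsplit(url)
    location = parts.path + ("?" + parts.query if parts.query else "")
    return parts.netloc, location


def filter_by_host(events, host):
    """Steps 2 and 3: events whose syslog text contains the host, saved as an asset list of sources."""
    return sorted({src for src, text in events if host in text})


def filter_by_location(events, location, assets):
    """Step 4: among events from the asset list, those whose syslog text contains the location."""
    return [(src, text) for src, text in events if src in assets and location in text]


def verify_full_url(hits, url):
    """Step 5 caveat: the host/location intersection is per host, so a host that visited the
    indicator host and, in a separate request, the same location on another site still matches.
    Checking the web-access details for the complete URL gives the second and final asset list."""
    return sorted({src for src, text in hits if url in text})


if __name__ == "__main__":
    host, location = divide_url(URL_INDICATOR)
    assets = filter_by_host(EVENTS, host)
    hits = filter_by_location(EVENTS, location, assets)
    print(assets, hits, verify_full_url(hits, URL_INDICATOR), sep="\n")
```

The host 10.0.5.40 survives the per-host intersection because it touched bad.example and, separately, the same path on good.example; only the full-URL check removes it.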

Using File Indicators with Nessus
Step 1 – Export Hashes Using Tenable Format
Step 2 – Use Windows Malware Scan Wizard
Step 3 – Perform Scan and Review Results

Step 1 – Export Hashes Using Tenable Format

Step 2 – Use Windows Malware Scan Wizard

Step 3 – Perform Scan and Review Results