Endpoint Security Supplementary IOCs

These real-time IOCs are designed to supplement FireEye Endpoint Security's production indicators for environment-specific detection and testing, such as tests based on MITRE's ATT&CK framework. Most of these IOCs will require substantial tuning before use in a production environment, because they will alert on legitimate activity. Some IOCs may work well as-is, depending on the practices of the organization, for instance the sdelete and psexec IOCs. These IOCs should be used as examples, as starting points for tuning, or for testing. They should not be bulk uploaded to a production controller as-is.

These IOCs should be viewed and edited using the IOC Editor (IOCe) 3.1.4 or above, available here: https://fireeye.market/apps/211404

These IOCs can be uploaded to the FireEye Endpoint Security controller using an API tool such as ioc_upload.py, available at https://fireeye.market/apps/234559. They can also be used with Enterprise Search via HXTool or ioc_search.py, available at https://fireeye.market/apps/234555.


Developer: FireEye

App Info

Version: 1.0.0
Size: 0.13 MB
MD5: b117f83c0224299406469103ad34148f
SHA1: 59956d8b1de0a296704a12eb71050512887b2dde
SHA256: 96861d74e84f92e8a094598bd35122b2fd277391730dbed8ddf0adb5483613bd
