Tags: cti
Original article: Threat Intelligence: Reduce the Gap
In any case, when faced with a security threat event, there are three aspects that must be considered:
Judging from the brief product introduction, it mainly works as shown in the following diagram:
information about that malicious file and its behavior is now part of the threat intelligence service database and can also be pushed out to Intrusion Prevention Systems and Network Firewalls to block the file at the network level preventing further infection.
In other words: build a database that stores information about malicious files and their behavioral characteristics, and push that information to intrusion prevention systems and network firewalls to block the attack and further infection.
With Tripwire you can take in peer and community sourced indicators of compromise, leveraging STIX and TAXII standards, or through tailored commercial threat intelligence services. Tripwire proactively identifies indicators of advanced threats and targeted attacks or IOCs.
These IOCs are automatically downloaded to Tripwire Enterprise where it will search forensics data to see if it is already in the database or something that has never been seen before. Tripwire will then also start monitoring for this IOC in all new changes. If a threat is detected, you get alerted and can drive remediation based on the properties you have set in Tripwire.
The main idea is that IOCs (a library of indicators of malicious code) are downloaded automatically (personally I think this is a poll operation driven by the elapsed time interval); then, through local querying and analysis, the indicators relevant to your own enterprise are added to new rules, and monitoring on those new rules starts at the same time.
IOC (indicators of compromise): I have never known how to translate this name in a way that sounds natural...
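As an added illustration of the flow described above (not code from the original article or from Tripwire): indicators are ingested from a STIX-style feed, searched retrospectively against records already held in the change/forensics database, and then matched against every new change event as it arrives. The pattern syntax is a simplified single-comparison STIX subset, and the feed, history and events are constructed sample data with placeholder hashes.

```python
import re

# Constructed STIX-style indicator patterns; the hash is a placeholder, not a real IoC.
HASH_A = "a" * 64
IOC_FEED = ["[file:hashes.'SHA-256' = '" + HASH_A + "']",
            "[file:name = 'evil_dropper.exe']"]
# Constructed records already held in the change/forensics database ...
HISTORY = [{"host": "web01", "path": "/tmp/update.bin", "file:hashes.SHA-256": HASH_A},
           {"host": "db01", "path": "/usr/bin/ls", "file:hashes.SHA-256": "b" * 64}]
# ... and constructed change events that arrive after the feed was ingested.
NEW_EVENTS = [{"host": "ws07", "path": "C:/Users/u/evil_dropper.exe", "file:name": "Evil_Dropper.EXE"},
              {"host": "ws08", "path": "/bin/bash", "file:hashes.SHA-256": "d" * 64}]

PATTERN_RE = re.compile(r"^\[(?P<key>[\w:.'-]+)\s*=\s*'(?P<value>[^']*)'\]$")

def parse_indicator(pattern):
    """Turn a single-comparison STIX pattern into a (property, value) lookup key."""
    m = PATTERN_RE.match(pattern.strip())
    if not m:
        raise ValueError("unsupported pattern: " + pattern)
    return m.group("key").replace("'", ""), m.group("value").lower()

def ingest(feed):
    """Phase 1: index the downloaded indicators as {(property, value): pattern}."""
    return {parse_indicator(p): p for p in feed}

def match(indicators, record):
    """Return the patterns whose (property, value) appears in this record, case-insensitively."""
    keys = ((k, str(v).lower()) for k, v in record.items())
    return [indicators[k] for k in keys if k in indicators]

def retrospective_search(indicators, history):
    """Phase 2: has any indicator already been seen in the stored forensic data?"""
    return [(r["host"], r["path"], p) for r in history for p in match(indicators, r)]

def on_change(indicators, event):
    """Phase 3: evaluate each new change as it arrives; returns an alert dict or None."""
    matched = match(indicators, event)
    return {"host": event["host"], "path": event["path"], "indicators": matched} if matched else None

def run_demo():
    """Ingest the feed, search the history, then run the new events through the monitor."""
    indicators = ingest(IOC_FEED)
    hits = retrospective_search(indicators, HISTORY)
    alerts = [a for a in (on_change(indicators, e) for e in NEW_EVENTS) if a]
    return hits, alerts
```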
Original post: http://blog.csdn.net/bugmeout/article/details/46548437