Ransomware Hunter

178792

SOC Prime Community


Ransomware Hunter natively integrates with ArcSight ESM and leverages statistical profiling and behavioral analysis methods, OSINT feeds including Ransomware Tracker by Abuse.ch and Detect Tor feed as well as strictly defined correlation rules.

Description

Ransomware Hunter natively integrates with ArcSight ESM and leverages statistical profiling and behavioral analysis methods, OSINT feeds including Ransomware Tracker by Abuse.ch and the Detect Tor feed, as well as strictly defined correlation rules. This enables organizations to spot and stop ransomware as early as possible. Because adversaries continuously bypass traditional defenses in both wide-spectrum and targeted (APT) attacks, accurate and timely detection followed by incident response is what limits the damage ransomware can do. Ransomware Hunter provides detection and automatic alerting at the Reconnaissance, Delivery, Exploitation, Installation, Command and Control (C2) and Actions on Objectives phases, covering the full threat life-cycle according to the Cyber Kill Chain methodology.

Minimum Requirements

SIEM Requirements:

   - HPE ArcSight ESM 6.9 or higher;


It also requires properly configured categorization for log sources.

Installing the Data Quality Framework package is recommended to verify categorization. Additionally: any Linux server or workstation with access to the SIEM and to the feed web sites (HTTPS, port 443) is needed for the update script:


Releases

Release                  Size       Date
Ransomware Hunter 2.1    913.0 KB   Oct 2, 2017

Product Compatibility

ESM: Version 7.0; Version 6.9.1 · 6.11.0
ESM Express: Version 6.9.1

Release Notes

Version 2.1:

  •   Disabled historical rules by default and removed the scheduled job on the rule folder
  •   False-positive reduction: all rules now trigger only on connections to ransomware sites whose status is “Online” in the abuse.ch Ransomware Tracker feed

Version 2.0:

  •   Added Windows file audit monitoring
  •   Increased Active List capacity
  •   Updated documentation, added resource descriptions

Version 1.5:

  •   False-positive reduction
  •   Added Kill Chain categorization to events
  •   Added SOC channel
  •   Added historical correlation for better accuracy and false-positive reduction
  •   Granular prioritization of correlated events
  •   Added detection of Tor network communication
  •   Updated the script; fixed minor bugs

Version 1.0:

  •   Initial version.
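The rule logic the release notes describe (matching only feed entries whose status is “Online”, tagging each hit with a Cyber Kill Chain phase as in the description above, and flagging Tor network communication), as an added standalone example in Python. This is not code from the Ransomware Hunter package or from SOC Prime. The feed column layout is modeled on the historical Ransomware Tracker CSV, the threat-to-phase mapping, the one-IP-per-line Tor list and the key=value log format are all assumptions of this example, and every feed row and log line below is constructed.

```python
"""Feed-driven ransomware-site and Tor-relay matcher (added example, not the package's code)."""
import csv
import io
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed rows in the column layout the abuse.ch Ransomware Tracker CSV used.
# Assumption: the real feed was retired, so these hosts and IPs are invented (RFC 5737 ranges).
RANSOMWARE_TRACKER_CSV = """\
"Firstseen (UTC)","Threat","Malware","Host","URL","Status","Registrar","IP address(es)","ASN(s)","Country"
"2017-09-30 10:11:12","C2","Locky","c2.example.net","http://c2.example.net/upload.php","online","Example Registrar","203.0.113.10","64496","US"
"2017-09-28 08:00:00","Distribution Site","Cerber","dl.example.org","http://dl.example.org/doc.js","offline","Example Registrar","198.51.100.5","64497","DE"
"2017-09-29 15:45:00","Payment Site","TorrentLocker","pay.example.com","http://pay.example.com/","online","Example Registrar","203.0.113.20","64496","NL"
"""

# Constructed Tor relay list (assumption: one IP per line, '#' comments allowed).
TOR_RELAYS = """\
# constructed relay list
192.0.2.44
192.0.2.45
"""

# Constructed proxy/firewall events in a simple key=value layout (assumption of this example).
SAMPLE_LOG = """\
2017-10-02T09:01:02Z src=10.0.0.15 dhost=c2.example.net dst=203.0.113.10 dpt=80 act=allowed
2017-10-02T09:01:09Z src=10.0.0.15 dhost=dl.example.org dst=198.51.100.5 dpt=80 act=allowed
2017-10-02T09:02:30Z src=10.0.0.22 dhost=- dst=192.0.2.44 dpt=9001 act=allowed
2017-10-02T09:03:00Z src=10.0.0.31 dhost=www.example.com dst=198.51.100.80 dpt=443 act=allowed
"""

# Feed "Threat" value -> Kill Chain phase. Assumption: this mapping is the example's own.
PHASE_BY_THREAT = {
    "Distribution Site": "Delivery",
    "C2": "Command and Control",
    "Payment Site": "Action on Objectives",
}


@dataclass(frozen=True)
class Indicator:
    value: str      # hostname or IP address used as the lookup key
    threat: str
    malware: str
    phase: str


@dataclass(frozen=True)
class Alert:
    time: str
    src: str
    rule: str
    phase: str
    detail: str


def load_online_indicators(feed_csv: str) -> Dict[str, Indicator]:
    """Build the lookup table (the Active List equivalent), keeping only rows with Status 'online'.

    Both the hostname and every listed IP become keys so proxy logs (hostname) and
    firewall logs (IP only) can be matched. Multiple IPs are assumed to be '|'-separated."""
    indicators: Dict[str, Indicator] = {}
    for row in csv.DictReader(io.StringIO(feed_csv)):
        if row["Status"].strip().lower() != "online":
            continue  # version 2.1 behaviour: offline sites no longer fire rules
        phase = PHASE_BY_THREAT.get(row["Threat"], "Unknown")
        keys = [row["Host"].strip()] + [ip.strip() for ip in row["IP address(es)"].split("|") if ip.strip()]
        for key in keys:
            indicators[key] = Indicator(key, row["Threat"], row["Malware"], phase)
    return indicators


def load_tor_relays(text: str) -> Set[str]:
    """Parse a one-IP-per-line relay list, skipping blanks and comments."""
    return {ln.strip() for ln in text.splitlines() if ln.strip() and not ln.lstrip().startswith("#")}


def parse_event(line: str) -> Dict[str, str]:
    """Split 'timestamp k=v k=v ...' into a dict; the first token is the timestamp."""
    ts, *pairs = line.split()
    event = {"time": ts}
    for pair in pairs:
        key, _, value = pair.partition("=")
        event[key] = value
    return event


def correlate(log_text: str, indicators: Dict[str, Indicator], tor_relays: Set[str]) -> List[Alert]:
    """Run the two rules over the events: ransomware-site hit (by host or IP), then Tor relay hit."""
    alerts: List[Alert] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        hit = indicators.get(ev.get("dhost", "")) or indicators.get(ev.get("dst", ""))
        if hit:
            alerts.append(Alert(ev["time"], ev["src"], "Ransomware site connection", hit.phase,
                                f"{hit.malware} {hit.threat} {hit.value}"))
        elif ev.get("dst") in tor_relays:
            # Assumption: Tor traffic is filed under C2, where ransomware families typically use it.
            alerts.append(Alert(ev["time"], ev["src"], "Tor network communication",
                                "Command and Control", f"relay {ev['dst']}"))
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG, load_online_indicators(RANSOMWARE_TRACKER_CSV), load_tor_relays(TOR_RELAYS)):
        print(alert)
```

Run against the constructed input, the offline dl.example.org entry never enters the lookup, so the second event produces no alert; the C2 hit and the Tor relay hit are the only two alerts, each carrying the phase a SOC analyst would use to prioritize it. In a real deployment the two feed strings would be fetched over HTTPS by the update script and the lookup pushed into the SIEM's Active List.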
Languages: English
