Ransomware Hunter natively integrates with ArcSight and leverages statistical profiling and behavioral analysis methods, OSINT feeds including Ransomware Tracker by Abuse.ch and the Detect Tor feed, as well as strictly defined correlation rules. This enables organizations to spot and stop any Ransomware as early as possible. Because adversaries continuously bypass traditional defense systems in both wide-spectrum and targeted attacks (APT), accurate and timely detection followed by Incident Response can completely prevent any threat and damage posed by Ransomware. Ransomware Hunter provides detection and automatic alerting capabilities at the Reconnaissance, Delivery, Exploitation, Installation, Command and Control (C2) and Action on Objectives phases, thus covering the full threat life cycle according to the Cyber Kill Chain methodology.
- HPE ArcSight ESM 6.9 or higher;
It also requires properly configured categorization for Log Sources.
Installing the Data Quality Framework package is recommended to control categorization. Additional: any Linux server or workstation with access to the SIEM and web sites (HTTPS, port 443) for script: