CB_Malware_Known_Malware
ID: 100230
Description:
CarbonBlack Malware alert
Repository: Group: CarbonBlack Type: event
Default Status:
Enabled
| Tags: |
|---|
| Carbon Black |
Selector:
Query:
Filters:
| Field | MUST hit |
|---|---|
| @cb.threatInfo.threatCause.threatCategory | KNOWN_MALWARE |
| @source | carbonBlackPSC |
| Field | MUST NOT hit |
|---|---|
| @cb.threatInfo.threatCause.reputation | TRUSTED_WHITE_LIST |
| @cb.threatInfo.score | 1 |
| 2 |
Behavior Rule:
| Key | Type | Behavior Category |
|---|---|---|
| @cb.deviceInfo.deviceName | asset | security alert |
Risks:
| Risks | Base Score | Dimension |
|---|---|---|
| ALERT_END_POINT | 800 | alert |
| ALERT_HIGH_CONFIDENCE | 2000 | alert |
Attributes:
| Alias | Key |
|---|---|
| Hostname | @cb.deviceInfo.deviceName |
| Username | @cb.deviceInfo.email |
| IP | @cb.deviceInfo.internalIpAddress |
| FileHash | @cb.threatInfo.threatCause.actor |
| Origin | @cb.threatInfo.threatCause.originSourceType |
| OS | @cb.deviceInfo.deviceVersion |
| Description | @cb.threatInfo.summary |
| Score | @cb.threatInfo.score |
| IncidentID | @cb.threatInfo.incidentId |
| Threat Reputation | @cb.threatInfo.threatCause.reputation |
| Threat Application Name | @cb.threatInfo.indicators.applicationName |
| Threat Indicator Name | @cb.threatInfo.indicators.indicatorName |
| ActorName | @cb.threatInfo.threatCause.actorName |
Correlation Rules:
First Occurrence:
| Name | Window | Fields |
|---|---|---|
| NewAsset | 10 days | @cb.deviceInfo.deviceName |
| Risks: | ML_NEW_ASSET | |
| NewActor | 10 days | @cb.threatInfo.threatCause.actor |
| Risks: | ML_NEW_FILE |
History:
| User | Date |
|---|---|
| ku*n@fluencysecurity.com | 2021 Apr 6 13:44:59 EDT |
This page was automatically created/formatted on Wed, 2022 May 4 21:43:53 EDT, from rule_dump.json (4d88bffdfb1cea26b3985f2193033606)