Indication of Compromise.
Qualys Indication of Compromise (IOC) extends the Qualys Cloud Platform to deliver threat hunting, detect suspicious activity, and confirm the presence of known and unknown malware on devices both on and off the network.
From Qualys IOC’s single console, you can monitor current and historical system activity for all on-premises servers, user endpoints, and cloud instances, including assets that are currently offline or have since been re-imaged by IT, because the telemetry is retained in the cloud rather than on the endpoint.
Qualys IOC uses the Cloud Agent to capture endpoint activity on files, processes, mutant handles (mutexes), registry keys, and network connections, and uploads the data to the Qualys Cloud Platform for storage, processing, and query. Specific event details include:
- File name, path, MD5/SHA256 hash, size, create/delete date, version and more
- Process name, process arguments, process ID, image path, image MD5/SHA256 hash, elevated status, running/terminated status, username, loaded modules, parent process name, parent process ID, and more
- Mutex handle name, process name, process ID, process arguments, process image name, process image path, process image MD5/SHA256 hash, and more
- Registry key, value, data, detection date, image details
- Network connections for running process, local IP/Port, remote IP/Port, remote resolved fully qualified domain name, protocol, state, process name, process ID, process arguments, image path, image MD5/SHA256 hash, and more.
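The value of collecting those fields together is that one hunt can cross-reference them: a hash match on a file, a mutex name, a parent/child process pairing, a resolved remote FQDN, and a registry autostart can all be tested against the same event stream, and a hit on one record can be pivoted to every other record from the same process. The following is an added example, not Qualys code and not the Qualys query language: it runs a few common hunt rules over constructed event records whose field names mirror the list above. The watchlist hashes, mutex name, and domain are placeholders, not real indicators, and the event dicts are made up for this example.

```python
"""Hunt rules over endpoint telemetry of the kind Qualys IOC collects.

Added example, not Qualys code. The event dicts are constructed and mirror
the file/process/mutex/registry/network fields described on this page.
Every watchlist value is a placeholder, not a real indicator.
"""
from dataclasses import dataclass
from typing import Optional

# Watchlists (constructed placeholders for this example, not real IOCs).
KNOWN_BAD_SHA256 = {"deadbeef" * 8}
KNOWN_BAD_MUTEXES = {"Global\\example-malware-mutex"}
KNOWN_BAD_FQDNS = {"c2.example.invalid"}
# Office applications rarely have a legitimate reason to launch a shell or script host.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Run-key persistence whose target lives in a user-writable directory is worth a look.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")


@dataclass(frozen=True)
class Finding:
    asset: str
    rule: str
    pid: Optional[int]
    detail: str


def norm_hash(h):
    """Hashes arrive in mixed case from different sources; compare lower-cased."""
    return (h or "").strip().lower()


def hunt(events):
    """Run every rule over a list of event dicts and return the findings."""
    findings = []
    for ev in events:
        kind, asset, pid = ev["type"], ev["asset"], ev.get("pid")
        # Rule 1: any record carrying an image/file hash on the known-bad list.
        if norm_hash(ev.get("sha256")) in KNOWN_BAD_SHA256:
            findings.append(Finding(asset, "known_bad_hash", pid,
                                    f"{kind}: {ev.get('path') or ev.get('image_path')}"))
        # Rule 2: mutex name used by a known malware family.
        if kind == "mutex" and ev["name"] in KNOWN_BAD_MUTEXES:
            findings.append(Finding(asset, "known_bad_mutex", pid, ev["name"]))
        # Rule 3: Office parent spawning a shell or script host.
        if (kind == "process"
                and ev["parent_name"].lower() in OFFICE_PARENTS
                and ev["name"].lower() in SHELL_CHILDREN):
            findings.append(Finding(asset, "office_spawns_shell", pid,
                                    f"{ev['parent_name']} -> {ev['name']} {ev.get('args', '')}"))
        # Rule 4: outbound connection whose resolved FQDN is on the C2 list.
        if kind == "network" and ev.get("remote_fqdn", "").lower() in KNOWN_BAD_FQDNS:
            findings.append(Finding(asset, "known_bad_fqdn", pid,
                                    f"{ev['process_name']} -> {ev['remote_fqdn']}:{ev['remote_port']}"))
        # Rule 5: Run-key autostart pointing into a user-writable path.
        if (kind == "registry"
                and "\\currentversion\\run" in ev["key"].lower()
                and any(p in ev["data"].lower() for p in USER_WRITABLE)):
            findings.append(Finding(asset, "runkey_user_writable", pid,
                                    f"{ev['key']}\\{ev['value']} = {ev['data']}"))
    return findings


def pivot(events, asset, pid):
    """Pull every event tied to one process on one asset so its mutexes,
    connections and registry writes can be reviewed together."""
    return [ev for ev in events if ev["asset"] == asset and ev.get("pid") == pid]


# Constructed sample telemetry: one compromised workstation, two server events.
SAMPLE_EVENTS = [
    {"type": "process", "asset": "ws-01", "pid": 4120, "name": "powershell.exe",
     "args": "-nop -w hidden -File C:\\Users\\alice\\AppData\\Local\\Temp\\inv.ps1",
     "image_path": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "sha256": "f" * 64, "parent_name": "WINWORD.EXE", "parent_pid": 3008, "user": "CORP\\alice"},
    {"type": "network", "asset": "ws-01", "pid": 4120, "process_name": "powershell.exe",
     "local_ip": "10.1.2.3", "local_port": 51234, "remote_ip": "203.0.113.7",
     "remote_port": 443, "remote_fqdn": "C2.example.invalid", "protocol": "tcp",
     "state": "established", "sha256": "f" * 64},
    {"type": "mutex", "asset": "ws-01", "pid": 4120, "process_name": "powershell.exe",
     "name": "Global\\example-malware-mutex"},
    {"type": "registry", "asset": "ws-01", "pid": 4120,
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value": "Updater", "data": "C:\\Users\\alice\\AppData\\Roaming\\updater.exe"},
    {"type": "file", "asset": "srv-02", "path": "C:\\Users\\Public\\update.exe",
     "sha256": "DEADBEEF" * 8, "size": 204800},          # upper-case hash, still matches
    {"type": "process", "asset": "srv-02", "pid": 512, "name": "explorer.exe",
     "image_path": "C:\\Windows\\explorer.exe", "sha256": "e" * 64,
     "parent_name": "userinit.exe", "parent_pid": 488, "user": "CORP\\svc"},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"{f.asset}\t{f.rule}\tpid={f.pid}\t{f.detail}")
```

Hash comparison is normalised to lower case before lookup, since the same SHA256 can show up upper-cased in one feed and lower-cased in another; the network rule keys on the resolved FQDN that the agent records rather than on the remote IP alone, so a C2 host that moves between addresses is still caught.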
The video below, a Qualys Indication of Compromise product overview by E-SPIN, gives more information about this product.
E-SPIN recently ran a Qualys Indication of Compromise what’s-new session covering what is new for both new and existing users.
For those who could not join us for the session, please see the summary and highlight clip for the event.
Feel free to contact E-SPIN for solution, product and project requirements.