Tactical Threat Intelligence - FireEye Tool

Video Activity

We conclude this module with an overview of the IOC editor in FireEye. Dean reviews the folder containing the IOCs, how to create a new indicator or pull one from a file, and digging through documents.

Time: 4 hours 8 minutes
Difficulty: Intermediate
CEU/CPE: 4
Video Transcription
00:03
Okay, so let's have a look at the IOC Editor.
00:07
This is downloadable from FireEye.
00:13
When you first start this up, it's going to prompt you for a folder where the IOCs are located.
00:18
Well, now, don't worry. The scan of my local machine didn't actually detect any IOCs,
00:23
so I don't have anything to look at here. But I can open an IOC directory,
00:29
and I can point it to the
00:32
folder on the desktop
00:34
for my root user. You see it try to look for anything there, but
00:38
probably
00:39
didn't discover any. Or maybe I'd find IOCs in any operating system folder or an application folder,
00:48
so
00:49
this would be populated
00:51
with that information.
00:53
You can see that the columns kind of compressed themselves,
00:57
but what I can also do is I can create a new indicator.
01:00
I could pull one from a file if I had one,
01:03
but I can create a new one because I know that I've got some information
01:08
that, uh,
01:11
that indicates something has happened.
01:14
You can see
01:15
it'll be given a name, who the author is.
01:19
There could be a GUID associated with this, or
01:22
other
01:23
interesting data like what type of indicator is it?
01:26
What reference information is there?
01:30
Even a description.
01:33
And then you can create awesome logical constructions here
01:37
to build
01:38
multiple pieces of information, to say this and this, or this and that,
01:45
indicates that a compromise has happened, whatever those details might be.
01:49
Again, dig into the documentation and you can get a little bit better idea of how to use
01:56
these particular tools. So I hope you enjoyed this introduction to some of the tools from FireEye.
02:01
We looked at the Redline scanner and saw the IOC Editor.
02:07
You need to get to the documentation, as I said, to use some of the more advanced features, like the memory analyzer.
02:13
Uh,
02:14
but at least you got an idea of what kind of data can be captured,
02:17
and you saw a little bit of information about the interface and how you might dig a little bit deeper
02:23
into
02:24
looking for indications of a compromise.
02:28
All right, that sums up this module. We'll see you in the next one. Thank you.
Intro to Cyber Threat Intelligence

The CTI course consists of 12 information-packed modules. CTI is a critical function within any organization that involves roles like analysts, methodologies, tools, teams, and policies. From threat analysis to the Cyber Kill Chain, learn it here.