Time: 4 hours 8 minutes
Difficulty: Intermediate
CEU/CPE: 4

Video Description

We conclude this module with an overview of the IOC Editor from FireEye. Dean reviews the folder containing the IOCs, shows how to create a new indicator or pull one from a file, and points to the documentation for the more advanced features.

Video Transcription

00:03
Okay, so let's have a look at the IOC Editor.
00:07
This is downloadable from FireEye.
00:13
When you first start this up, it's going to prompt you for a folder where the IOCs are located.
00:18
Well, now, don't worry. The scan of my local machine didn't actually detect any IOCs,
00:23
so I don't have anything to look at here. But I can open the IOC directory,
00:29
and I can point it to the
00:32
folder on the desktop
00:34
for my root user. You see it tried to look for anything there, but
00:38
had the scan
00:39
discovered a problem, or maybe if I find an IOC in any operating system folder or an application folder,
00:48
so
00:49
this would be populated
00:51
with that information.
00:53
You can see that the columns kind of compressed themselves,
00:57
but what I can also do is I can create a new indicator.
01:00
I could pull one from a file if I had one,
01:03
but I can create a new one because I know that I've got some information.
01:08
That's, uh,
01:11
that indicates something has happened.
01:14
You can see
01:15
it can be given a name, who the author is.
01:19
There could be a GUID associated with this, or
01:22
other
01:23
interesting data like what type of indicator is it?
01:26
What reference information is there,
01:30
even a description?
01:33
And then you can create awesome logical constructions here
01:37
to build
01:38
multiple pieces of information, to say this and this, or this and that,
01:45
indicates that a compromise has happened, whatever those details might be.
01:49
Again, dig into the documentation and you could get a little bit better idea of how to use
01:56
these particular tools. So I hope you enjoyed this introduction to some of the tools from FireEye. We
02:01
looked at the Redline scanner and saw the IOC Editor.
02:07
You need to get to the documentation, as I said, to use some of the more advanced features, like the memory analyzer.
02:13
Uh,
02:14
but at least you got an idea of what kind of data can be captured.
02:17
And you saw a little bit of information about the interface and how you might dig a little bit deeper
02:23
into
02:24
looking for indications of a compromise.
02:28
All right, that sums up this module. We'll see you in the next one. Thank you.
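The "logical constructions" Dean mentions (this AND this, OR this AND that) are what make an indicator more than a single hash. The following is an added example, not part of the course video or of FireEye's tools: it parses a constructed, simplified OpenIOC-style indicator (the element names `Indicator`, `IndicatorItem`, `Context` and `Content` follow the public OpenIOC layout, but the document, its id, the hash and the file names are all made up here) and evaluates its AND/OR tree against a few constructed host observations, the way a scanner would decide whether a file on disk is a hit.

```python
"""Evaluate a simplified OpenIOC-style indicator against host observations.

Added example: the IOC below is constructed for illustration and was not
exported from FireEye's IOC Editor; the hash and file names are placeholders.
"""
import xml.etree.ElementTree as ET

# Constructed sample indicator: hit if the MD5 matches, OR if a file named
# svchost.exe lives under a Temp directory (two nested logical blocks).
SAMPLE_IOC = """<ioc id="00000000-0000-4000-8000-000000000001">
  <short_description>Example dropper (constructed)</short_description>
  <authored_by>analyst</authored_by>
  <definition>
    <Indicator operator="OR">
      <IndicatorItem condition="is">
        <Context search="FileItem/Md5sum"/>
        <Content type="md5">0123456789abcdef0123456789abcdef</Content>
      </IndicatorItem>
      <Indicator operator="AND">
        <IndicatorItem condition="is">
          <Context search="FileItem/FileName"/>
          <Content type="string">svchost.exe</Content>
        </IndicatorItem>
        <IndicatorItem condition="contains">
          <Context search="FileItem/FullPath"/>
          <Content type="string">\\Temp\\</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>
"""

# Constructed observations, keyed by the same "Context search" names the IOC uses.
SAMPLE_OBSERVATIONS = [
    {"FileItem/FileName": "svchost.exe",
     "FileItem/FullPath": r"C:\Windows\System32\svchost.exe",
     "FileItem/Md5sum": "ffffffffffffffffffffffffffffffff"},   # legitimate location
    {"FileItem/FileName": "svchost.exe",
     "FileItem/FullPath": r"C:\Windows\Temp\svchost.exe",
     "FileItem/Md5sum": "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"},   # name AND path -> hit
    {"FileItem/FileName": "report.pdf",
     "FileItem/FullPath": r"C:\Users\a\Downloads\report.pdf",
     "FileItem/Md5sum": "0123456789ABCDEF0123456789ABCDEF"},   # hash -> hit
]


def _item_matches(item, observation):
    """Evaluate one leaf IndicatorItem against a single observation."""
    context = item.find("Context").get("search")
    content = (item.find("Content").text or "").lower()
    condition = item.get("condition", "is")
    observed = observation.get(context)
    if observed is None:          # attribute not collected: cannot match
        return False
    observed = observed.lower()   # OpenIOC string matches are case-insensitive
    if condition == "is":
        return observed == content
    if condition == "contains":
        return content in observed
    raise ValueError(f"unsupported condition: {condition}")


def _indicator_matches(indicator, observation):
    """Recursively evaluate an Indicator block with its AND/OR operator."""
    op = indicator.get("operator", "AND").upper()
    results = []
    for child in indicator:
        if child.tag == "IndicatorItem":
            results.append(_item_matches(child, observation))
        elif child.tag == "Indicator":
            results.append(_indicator_matches(child, observation))
    if not results:               # an empty block never fires
        return False
    return any(results) if op == "OR" else all(results)


def load_ioc(xml_text):
    """Return (ioc id, top-level Indicator element) from an OpenIOC-style document."""
    root = ET.fromstring(xml_text)
    return root.get("id"), root.find("definition").find("Indicator")


def ioc_matches(xml_text, observation):
    """True if the observation satisfies the indicator's logical tree."""
    _, top = load_ioc(xml_text)
    return _indicator_matches(top, observation)


def scan(xml_text, observations):
    """Return the observations that hit, i.e. what a scanner would report."""
    return [obs for obs in observations if ioc_matches(xml_text, obs)]


if __name__ == "__main__":
    ioc_id, _ = load_ioc(SAMPLE_IOC)
    for hit in scan(SAMPLE_IOC, SAMPLE_OBSERVATIONS):
        print(f"{ioc_id}: hit on {hit['FileItem/FullPath']}")
```

The AND block is what keeps the indicator from firing on every legitimate `svchost.exe`: the name alone is not evidence, the name plus an unusual path is. When you build an indicator in the editor, that same reasoning (what would this match on a clean host?) is the check worth doing before distributing it.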

Up Next

Intro to Cyber Threat Intelligence

The CTI course consists of 12 information-packed modules. CTI is a critical function within any organization that involves roles like analysts, methodologies, tools, teams, and policies. From threat analysis to the Cyber Kill Chain, learn it here.

Instructed By

Dean Pompilio
CEO of SteppingStone Solutions
Instructor