ThreatConnect: Indicator for Suspicious Behavior and Malware
Information about threats comes from many different sources. Several third parties, such as ThreatConnect, offer such information which can be used as indicators for suspicious behavior and/or malware in your environment. ThreatConnect technology can be integrated with Tenable's SecurityCenter and Nessus products as follows:
- IP addresses, file hashes, and URLs can be used as indicators with SecurityCenter.
- File hashes can be used as part of malware scanning with Nessus.
For example, custom file hashes could be exported from ThreatConnect and used in Nessus or SecurityCenter custom malware scans. Below is the example output:
We've detected 3 hosts running malware, and the report output provides details such as process name, file path, and PID.
The list of "bad guy" IP addresses can also be imported into a SecurityCenter watch list as follows:
The domain name, which has been obfuscated, can be detected in the DNS logs being correlated inside SecurityCenter, ultimately producing the log entries showing the client IP addresses that have likely been infected.
For more details on this functionality, please see the document titled "Using ThreatConnect Indicators" posted to the Tenable Discussions Forum.
Related Articles
Cybersecurity Snapshot: 6 Best Practices for Implementing AI Securely and Ethically
May 31, 2024Like many organizations, yours is likely using AI – or at least thinking about deploying it soon. But how can you ensure you use it securely, responsibly, ethically and in compliance with regulations? Check out best practices, guidelines and tips in this special edition of the Tenable Cybersecurity Snapshot!
Taking IBM QRadar SIEM One Step Further Using Tenable.ad
September 30, 2021If you can't continuously monitor Active Directory, it's impossible to achieve full visibility into your evolving attack surface. Here's how combining Tenable.ad with IBM QRadar can help. It's no sec...
Cybersecurity Snapshot: Apply Zero Trust to Critical Infrastructure’s OT/ICS, CSA Advises, as Five Eyes Spotlight Tech Startups’ Security
November 1, 2024Should critical infrastructure orgs boost OT/ICS systems’ security with zero trust? Absolutely, the CSA says. Meanwhile, the Five Eyes countries offer cyber advice to tech startups. Plus, a survey finds “shadow AI” weakening data governance. And get the latest on MFA methods, CISO trends and Uncle Sam’s AI strategy.
FY 2024 State and Local Cybersecurity Grant Program Adds CISA KEV as a Performance Measure
October 31, 2024The CISA Known Exploited Vulnerabilities (KEV) catalog and enhanced logging guidelines are among the new measurement tools added for the 2024 State and Local Cybersecurity Grant Program.
Cybersecurity Snapshot: New Guides Offer Best Practices for Preventing Shadow AI and for Deploying Secure Software Updates
October 25, 2024Looking for help with shadow AI? Want to boost your software updates’ safety? New publications offer valuable tips. Plus, learn why GenAI and data security have become top drivers of cyber strategies. And get the latest on the top “no-nos” for software security; the EU’s new cyber law; and CISOs’ communications with boards.
- Integrations
- Nessus
- SecurityCenter
- Threat Intelligence