Recent updates

Before You Begin
This section will walk you through demo access methods and get you set up to perform the demo.
Edited for Discovery (Pathfinder) SPL-TD-SASE-01 Before You Begin

Conclusion
You have reached the end of this demo.
For more information:
Edited for Discovery (Pathfinder) SPL-TD-SASE-01 More Info

CWS Monitoring Overview
This section covers the various monitoring features available with Cloud Web Security (CWS).
Edited for Discovery (Pathfinder) SPL-TD-SASE-01 Monitoring Cloud Web Security

Horizon Cloud on Microsoft Azure - Universal Console
In this section, we will go through the Horizon Cloud Universal Console.
Edited for Discovery (Pathfinder) SPL-TD-HZC-01 Horizon Cloud on Microsoft Azure - Universal Console

HCX Interface
In this section, we will explore the HCX Interface and walk through the product features.
Edited for Discovery (Pathfinder) SPL-TD-AWS-01 Open HCX Interface

Resources
Edited for Discovery (Pathfinder) SPL-TD-CB-06 Additional Resources

Threat Hunting Takeaways
- Attackers are using ways to evade traditional security technologies:
  - Outlook
  - MS Word
  - GitHub
  - Windows built-in tools: arp, ipconfig, systeminfo, hostname, etc.
  - Outbound HTTPS (port 443) connections
- Without deep telemetry data, the context provided by Watchlist hits, and process tree visualization, it is difficult to replay the attack stages and work out what happened at the device level.
- Binary details can be useful to scope the blast radius, and even to contain it, by simply adding the binary to the banned list.
"Threat hunting is an exercise of finding anomalies across normal-looking patterns."
Note: Carbon Black is set to a Detection-only policy for demonstration purposes. The initial stages of this attack could have been prevented by leveraging Carbon Black prevention policies.
Edited for Discovery (Pathfinder) SPL-TD-CB-06 Threat Hunting Takeaways

Threat Hunting Overview using Carbon Black Cloud
In this section, we will learn about Threat Hunting using Carbon Black Cloud.
Edited for Discovery (Pathfinder) SPL-TD-CB-06 Threat Hunting using Carbon Black Cloud

Wear a hat as a security operations center (SOC) analyst
In this section, you will go through the experience of a SOC analyst. From here onwards, let's imagine that you do not have access to the endpoint, and that you need to investigate what happened.
Watch VMware's Rick McElroy discussing building threat hunting into your security operations.
Edited for Discovery (Pathfinder) SPL-TD-CB-06 Lab Time - Wear a hat as a security operations center (SOC) analyst

Wear a hat as a Victim
In this section, you will go through the experience of a victim. You will open the email in Outlook, open the attachment, and so on: all the steps the victim went through.
This attack is a phishing email that turns into ransomware.
Edited for Discovery (Pathfinder) SPL-TD-CB-06 Lab Time - Wear a hat as a Victim