Cisco Umbrella Investigate Use Case:
Research file hashes during incident response
USE CASE
Gain intelligence about the malware, domains, and IPs used in attacks.
Cisco Umbrella Investigate includes threat intelligence about malware files from Cisco AMP
Threat Grid — providing the most complete view of the internet infrastructure and malware
used in attacks. In addition to providing insight into the domains, IPs, and networks used to
stage and launch attacks, Investigate automatically shows correlations with malware and
detailed static and dynamic analysis about the files. In a single, correlated source, you can
research domains, IPs, and file hashes to prioritize and speed up incident investigations and
research potential threats.
Expanded view of an attack
Investigate automatically correlates malware files with domains, which
helps uncover additional IOCs and attribute them to specific attacks.
All of the information you need, correlated in a single source
Query file hashes, domains, IPs, and more to speed up incident
investigations.
One click into more detailed static and dynamic analysis
Pivot directly into Threat Grid for deeper research and analysis of files.
*Threat Grid license required for additional context.
© 2016 Cisco and/or its affiliates. All rights reserved.