Solution Briefs

Investigate Use Case: Research file hashes during incident response.

Issue link: https://learn-umbrella.cisco.com/i/750789


Gain intelligence about the malware, domains, and IPs used in attacks.

Cisco Umbrella Investigate includes threat intelligence about malware files from Cisco AMP Threat Grid, providing the most complete view of the internet infrastructure and malware used in attacks. In addition to providing insight into the domains, IPs, and networks used to stage and launch attacks, Investigate automatically shows correlations with malware and detailed static and dynamic analysis about the files. In a single, correlated source, you can research domains, IPs, and file hashes to prioritize and speed up incident investigations and research potential threats.

Expanded view of an attack
Investigate automatically correlates malware files with domains, which helps uncover additional IOCs and attribute them to specific attacks.

All of the information you need, correlated in a single source
Query file hashes, domains, IPs, and more to speed up the time of incident investigations.

One click into more detailed static and dynamic analysis
Pivot directly into Threat Grid for deeper research and analysis of files.*

*Threat Grid license required for additional context.

© 2016 Cisco and/or its affiliates. All rights reserved.