Indicators of Compromise
- Database Dumps/Backup Files for Discovery
Policy for detecting records of SQL table data extracted from a database. The rules for this policy are:
- Database Dumps/Backup Files: MySQL-Format Database Dump (Wide)
- Database Dumps/Backup Files: MySQL-Format Database Dump (Default)
- Database Dumps/Backup Files: Microsoft Tape Format
- Private Keys for Discovery
Policy for detecting private keys or file formats that contain them. The rules for this policy are:
- Private Keys: DSA Private Key
- Private Keys: Elliptic Curve Private Key
- Private Keys: JSON Keystore File Private Key
- Private Keys: OpenSSH Private Key
- Private Keys: PGP Private Key
- Private Keys: PKCS #1 Private Key
- Private Keys: Encrypted PKCS #8 Private Key
- Private Keys: Unencrypted PKCS #8 Private Key
- Private Keys: PKCS #12 File
- Private Keys: SSH2 Private Key
- Private Keys: Textual PPK Private Key
- .REG Files for Discovery
Policy for detecting .REG files (Windows Registry files). The rule for this policy is:
- .REG File
- Suspected Malicious Dissemination for Discovery
Policy for the detection of a suspected malicious content dissemination such as: encrypted or manipulated information, passwords files, credit card tracks, suspected applications and dubious content such as information about the network, software license keys, and database files. The rules for this policy are:
- Suspected Malicious Dissemination: Email Address and Password (Wide)
- Suspected Malicious Dissemination: Email Address and Password (Default)
- Suspected Malicious Dissemination: Encrypted File (Known Format)
- Suspected Malicious Dissemination: Generic Encryption Detection
- Suspected Malicious Dissemination: IT Asset Information
- Suspected Malicious Dissemination: Malicious Concealment
- Suspected Malicious Dissemination: Password (Wide)
- Suspected Malicious Dissemination: Password (Default)
- Suspected Malicious Dissemination: Password (Narrow)
- Suspected Malicious Dissemination: Password File
- Suspected Malicious Dissemination: Suspected Application (Steganography and Encryption)
- Suspicious Data Concealment Applications
Policy for detection of data concealment applications. The rule for this policy is:
- Suspicious data concealment applications: Steganography applications