Indicator of Compromise Detection Engine IOC

A detection engine based on Indicators of Compromise to generate alerts on indicators associated with known threats.

ioc-hero-harfanglab

IOC Engine can be configured to scan executables as soon as they are written to disk.

The IOC Engine can generate alerts, among other things, on:

  • IP
  • Hash
  • URL
  • DNS

IOCs can be enriched by users to extend the detection or investigation capabilities of the EDR according to their needs and their threat landscape.

ioc-continuously-enriched-iocs-to-cope-with-threats-harfanglab

IOCs have a short lifespan. To ensure optimal, ongoing protection, an EDR needs to be able to easily connect with third-party solutions to enrich IOCs and evolve them over time.

HarfangLab’s EDR can be connected to Threat Intelligence solutions such as OpenCTI, the IOC knowledge base.

This connector enables OpenCTI IOCs to be integrated into HarfangLab, and HarfangLab Security Events and Threats to be retrieved and integrated into OpenCTI.

This enables analysts to centralize data and structure information on threats and attacker groups to improve their knowledge about the context.

ioc-an-engine-that-connects-with-third-party-tools-harfanglab
ioc-continuously-enriched-iocs-to-cope-with-threats-harfanglab
ioc-an-engine-that-connects-with-third-party-tools-harfanglab

Find out more

certification-anssi-harfanglab

EDR CSPN Certified by ANSSI

Read more
1min
Cybersecurity YARA and Sigma rules

Perks of Sigma and YARA rules in an EDR

Sigma and YARA are rule formats for detecting threats – malicious behaviors and files (or binaries) respectively. What are the…

Read more
6min
Product
ashley-hero-harfanglab

EDR with AI Detection Engine – Ashley

Read more
1min
yara-hero-harfanglab

EDR with Signatures Detection Engine – YARA Rules

Read more
1min
sigma-hero-harfanglab

EDR with Behavioral Detection Engine – Sigma Rules

Read more
1min