Indicator of Compromise (IOC) Detection Engine
A detection engine based on Indicators of Compromise to generate alerts on indicators associated with known threats.

The IOC Engine can be configured to scan executables as soon as they are written to disk.
The IOC Engine can generate alerts, among other things, on:

IOCs can be enriched by users to extend the detection or investigation capabilities of the EDR according to their needs and their threat landscape.

IOCs have a short lifespan. To ensure optimal, ongoing protection, an EDR needs to be able to easily connect with third-party solutions to enrich IOCs and evolve them over time.
HarfangLab’s EDR can be connected to Threat Intelligence solutions such as OpenCTI, the IOC knowledge base.
This connector enables OpenCTI IOCs to be integrated into HarfangLab, and HarfangLab Security Events and Threats to be retrieved and integrated into OpenCTI.
This lets analysts centralize data and structure information on threats and attacker groups, improving their understanding of the context.

EDR CSPN Certified by ANSSI

