Indicator Expansion with Analysis Pipeline
CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST
Indicator expansion is a process of using one or more data sources to obtain more indicators of malicious activity by identifying those related to currently known indicators.

Generic situation:
1. Our host communicates with a known bad IP address.
2. The host gets infected.
3. The host communicates with a different IP (command and control, exfiltration).

Let's try to find these second-level IP addresses.
- Computer Systems Management and Standards