Intezer has created the world’s first cyber immune system against malicious code. The company detects mutations of any threat seen in history by recognizing even the slightest amount of code reuse.
This technology is helping security teams protect their cloud workloads and accelerate incident response.
Every day security teams face many alerts from their endpoint protection solution.
The teams lack context on these alerts: Do they indicate a real incident or not? What is the risk and the impact? How should the team respond?
The alerts can be on a specific file, hash, or on the endpoint itself.
Utilizing Intezer’s technology, teams can gain additional unique information about an alert, such as malware family, threat actor, similarities to other known malware, and more.
This information provides not only a malicious verdict but also much more context for accelerating and tailoring incident response.
The actions and playbooks included in this pack help you save time and automate your incident response pipeline by:
- Checking file reputation for an uploaded file.
- Checking file reputation by a given hash (SHA256, SHA1, and MD5 are supported).
- Checking the analysis status and getting the analysis result, for both file and endpoint analysis.
- Scanning a Windows endpoint using the D2 agent.