Malware

Malware 1.2.7 355518

This popular “whack-a-malware” Content Pack helps you automate IOC extraction and enrichment, detonate malicious files, hunt for more IOCs and more.

Malware, or malicious software, is any program or file that is intentionally designed to be harmful to a computer, server, client or computer network.
Malware investigations require security teams to reconcile data from multiple malware analysis and threat intelligence tools. Valuable time is lost shuttling between screens and executing repeatable tasks while an attack continues to manifest.
This Malware content pack contains the ‘Endpoint Malware Investigation - Generic’ playbook, which automates the response to malware found on an endpoint. The pack also contains the corresponding custom malware incident fields, views and layouts to facilitate analyst investigation.
The Malware playbooks orchestrate across multiple products to extract and enrich IOCs, detonate malicious files, hunt for more IOCs within the organization, and perform remediation on the malware.

What does this pack do?

The playbooks included in this pack help you save time and automate repetitive tasks associated with Malware incidents:

  • Create a Malware incident within Cortex XSOAR associated with the Malware.
  • Extract and enrich all relevant indicators from the source alert, including the source endpoint, malicious file and all related IOCs.
  • Retrieve and analyze the malicious file and provide reputation using your sandbox and threat intelligence integrations.
  • Calculate severity for the incident based on the initial severity provided, indicator reputations, the email authenticity check and whether any critical assets are involved.
  • Engage with the analyst regarding potentially harmful tasks such as isolating the source endpoint and other infected endpoints found by the hunting playbook.
  • Remediate the incident by blocking malicious indicators.
  • Generate an investigation report to document the incident’s details.

As part of this pack, you will also get out-of-the-box malware incident type views, with incident classification mapping, fields and a full layout. All of these are easily customizable to suit the needs of your organization.

For more information, visit our Cortex XSOAR Developer Docs.

Endpoint_Malware_Investigation_Generic

PUBLISHER

Cortex XSOAR

INFO

Certification: Read more
Supported By: Cortex XSOAR
Created: July 26, 2020
Last Release: January 11, 2021
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.