Michael Sconzo

Content Update

Blog Post created by Michael Sconzo Employee on Nov 4, 2016

We continue to be hard at work building out our fundamentals and delivering new content to help you detect new threats. This round we have some pretty exciting updates.


  • SchoolBell malware detection. SchoolBell was discovered by FirstWatch while looking into ShellCrew infrastructure. Stay tuned for for more information from FirstWatch, but enable the detection now.
  • We are also staying up-to-date on Cerber Ransomware as it continues to be a threat. We've updated the ESA rule to reflect a new behavior we picked up. In addition expect another blog post and updated threat information from FirstWatch.
  • Last but certainly not least, we're releasing the Investigation Feed (available in Live today)! Check out the doc for more information, screen shots, and how to be successful with the content. The goal of this feed is to help categorize content for easy reporting and investigations. This is an ongoing effort so be aware of constant updates.