Michael Sconzo

Content Update

Blog Post created by Michael Sconzo Employee on Nov 17, 2016

This is a pretty exciting content update! We've got some new stuff and some updated stuff.


First the updated:

  • Based on continued FirstWatch tracking of Cerber ransomware we've added some additional checks to both the Cerber App Rule, and the Cerber ESA rule. 


Now the new:

  • In my last post you saw that we released this Investigations Feed, our newest feed release is the companion Hunting Feed. This allows you more views into the types of features that network traffic and logs can generate to enable easier hunting.
  • We are also super excited to announce the available of the Hunting Pack! This content will work in 10.3 or greater (it requires Lua), and stay tuned to get it in bundle format with the release of 10.6.2. In addition the Hunting Guide is also available. Be sure to check out the Removal Guide if you're running the legacy IR content.


As always let us know what you think of the new content (and updates).