Below is a screenshot of the last-24-hours view in the RSA FirstWatch Malware Sandbox. Everything in the alert field represents KNOWN threats. This makes it quite simple to filter out what is known in order to analyze the traffic that is unknown.
Heh, if I were working a SOC shift and my alert fields looked like this, I'd probably want to quit and wish the IT response teams lots of luck.
Much of the content that creates these alerts has been shared on this Community. Check the latest blogs!
Wow. You have more malware hosted in there than a Ukrainian pr0n server.
Any chance you can share some interesting parsers or Informer rules/charts/alerts too? There seems to be a distinct lack of examples, particularly of cool parsers, that we could use to get new ideas.