mrwh1t3
Level 9

Indicators of Compromise (IOC)

Those of you who are aware of Open Indicators of Compromise (OpenIOC) might be able to answer this.

I was wondering if you have done any experiments replicating the IOC framework within custom HIPS signatures, or whether it's even possible to get the same level of detail that the OpenIOC provides.

I've included an example screenshot of how you configure it within OpenIOC to spot a Zeus infection. Any suggestions on writing rules like this in HIPS would be most welcome.

I also added one from STUXNET (top one).

www.openioc.org

Thanks

Message was edited by: mrwh1t3 on 10/3/12 8:57:33 PM CDT
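To make concrete the level of detail the question refers to (OpenIOC nests AND/OR indicator groups over file, process and registry terms, and a host only "hits" when the whole tree is satisfied), here is an added example evaluator in Python. It is not from this thread, HBSS, Policy Auditor or the OpenIOC project; the IOC document, the search-path names and the host snapshots are constructed placeholders, not real Zeus or Stuxnet indicators.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.mandiant.com/2010/ioc}"  # OpenIOC 1.0 namespace
# Constructed OpenIOC doc (placeholder values): process name AND (path OR reg value).
IOC_XML = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="example-0001">
  <definition>
    <Indicator operator="AND">
      <IndicatorItem condition="is">
        <Context document="ProcessItem" search="ProcessItem/name"/>
        <Content type="string">example_dropper.exe</Content>
      </IndicatorItem>
      <Indicator operator="OR">
        <IndicatorItem condition="contains">
          <Context document="FileItem" search="FileItem/FullPath"/>
          <Content type="string">\\AppData\\Roaming\\example</Content>
        </IndicatorItem>
        <IndicatorItem condition="is">
          <Context document="RegistryItem" search="RegistryItem/ValueName"/>
          <Content type="string">ExampleRunKey</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>"""
# Constructed host snapshots: search path -> values a collector observed.
INFECTED_HOST = {
    "ProcessItem/name": ["explorer.exe", "Example_Dropper.exe"],
    "FileItem/FullPath": ["C:\\Users\\u\\AppData\\Roaming\\example\\x.dll"],
    "RegistryItem/ValueName": ["Shell"],
}
CLEAN_HOST = {"ProcessItem/name": ["explorer.exe"],  # only one leg of the AND
              "RegistryItem/ValueName": ["ExampleRunKey"]}
def item_matches(item, host):
    # One IndicatorItem: look up its search path, compare case-insensitively.
    needle = (item.find(NS + "Content").text or "").lower()
    observed = [v.lower() for v in host.get(item.find(NS + "Context").get("search"), [])]
    cond = item.get("condition")
    if cond == "is":
        return needle in observed
    if cond == "contains":
        return any(needle in v for v in observed)
    raise ValueError("unsupported condition: " + str(cond))

def indicator_matches(node, host):
    # Recurse: nested <Indicator> nodes combine their children with AND / OR.
    results = [item_matches(c, host) if c.tag == NS + "IndicatorItem"
               else indicator_matches(c, host) for c in node]
    return all(results) if node.get("operator", "AND") == "AND" else any(results)

def evaluate_ioc(xml_text, host):
    root = ET.fromstring(xml_text)
    return indicator_matches(root.find(NS + "definition/" + NS + "Indicator"), host)
```

A HIPS signature or Policy Auditor check that only tests one of these terms in isolation loses exactly this AND/OR structure, which is why single-term rules fire on the clean snapshot's lone registry value while the full IOC does not.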

Accepted Solutions
mrwh1t3
Level 9

Re: Indicators of Compromise (IOC)

I believe I found the answer to my question (sort of). I don't believe it can be fully duplicated within HBSS, but I think using Policy Auditor and creating custom checks will give you an 80% - 90% solution.
