Is it possible to figure out which TIEM Rules triggered when a TIE/Suspect!xxx Event was generated?
This information would help to classify executables where such an event triggered.
Figured out :-)
Under the Threat Events there are 3 values under the "Threat Intelligence Exchange Module for VSE Rules":
- Rule Description
- Rule Long Description
- Rule Name
This can be matched with the Threat Name "TIE/Suspect....".