Identifying Potential Intrusion
As mentioned earlier, you can see the object details on the Threat Monitoring dashboard if there are any IOC matches.
Threat Monitoring has identified an object with an IOC match derived from the Rubrik Threat Intelligence feed.
On the dashboard, you will observe details (A) such as:
Object name
The number of file matches
The time when the match was detected
Match Type
Now, to get the details of the IOC, click on Windows File Share.
You can also observe details (A) such as:
File name and size
The first matched snapshot
Match Type
The time when the match was detected
On the right panel, you can observe the details (B) such as:
The path for the specific file
Indicators of compromise (IOC) details including the IOC name, the threat intelligence source, the file hashes of the malicious file, the author of the IOC, and the IOC description
The affected snapshots indicated by Threat Monitoring
Armed with this information, the Zaffre security team can formulate a quarantine plan and recover from a clean snapshot.
Without the Threat Detection app, you cannot use up-to-date threat intelligence to find lurking threats early!