Advanced threats can bypass traditional security defenses and spread through an enterprise. With Endpoint Sensor, you can investigate and search for advanced threats by sweeping for Indicators of Compromise (IOCs) and hunting for Indicators of Attack (IOAs). A full root cause analysis can give complete visibility into attacks.
Endpoints can be queried (a process called sweeping) for specific communications, specific malware, registry activity, account activity, running processes, and more. Search inputs can be individual parameters, OpenIOC files, or YARA files.
Advanced attacks typically use multiple techniques to carry out their objectives. By discovering and correlating these multiple steps, Endpoint Sensor identifies the attack and builds a root cause analysis, including a remediation plan. Using IOAs, Endpoint Sensor can discover the many indicators and techniques of advanced threats, giving better visibility into all stages of the attack.