Forensic Activities with Bigfix!
How BigFix Helps Investigate a Threat in Forensic Activities

BigFix is a fundamental tool to help you in Forensic Activities.

With the BigFix Relevance language, you can implement and perform many checks to detect a computer attack or security exposure.

An example of an attack that might compromise a computer is the combination of the following actions:

With keyword malware on bigfix.me you can find relevances to detect this attack and other examples on how to detect malware.

You can continuously monitor a computer status creating an analysis that collects properties related to attack actions.

You can set up BigFix to deliver a periodic report, sent to an email inbox, about the status of that analysis on the computers in the environment without you having to check the BigFix console every day. You can remediate exposures by running an ad hoc Fixlet to clean up any computer that is affected by the hack, for example, consider an action that deletes the registry key.

Relevance to execute Forensics IOC checks

Forensics identifies checks that detect exposures through Indicators Of Compromise (IOC). You can use the Relevance language to map IOC checks.
Discover How to convert an OpenIOC document into a Fixlet and the mapping between OpenIOC terms and the Relevance language.

Use Yara from BigFix

Yara is an open source malware identification tool that uses rules based on text or binary patterns to look for malware signatures in files. You can produce BigFix tasks that install Yara on target endpoints and run Yara rules.

Use following keywords foresic openIOC malware to find and upload content related for Forensic Activities on bigfix.me .

Useful links:

Is Your Endpoint Strategy Keeping You Secure?
Bigfix Security Strategy
Investigating threats with Bigfix
9/18/2015 8:04:45 AM
lattanas
lattanas's Avatar