In this blog post, I am going to show you some ways to review data that have been collected with the Mandiant Redline™ tool, without using the Redline interface. I will be using Mandiant's AuditParser™ tool in order to transform the Redline audit XML into tab separated data. This will let you take data and view it in different ways, as well as perform timeline analysis on data you have collected. I will focus on using data collected by a Redline Portable collector, which was configured to perform a Comprehensive Collection. The AuditParser tool will also work with audit data that have been collected with the MIR Agent, or with IOCFinder™.
Entries filed under 'IOC'
Threat Research Blog
The FireEye Labs team posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. They cover the full spectrum of exploits and vulnerabilities, including advanced malware and targeted threats.
October 18, 2012 3:58 PM By Richard Bejtlich
Digital security professionals usually associate "security awareness" with initiatives to educate employees. The idea is that if the security staff can teach employees to be wary online, they will be less likely to fall prey to various forms of cyber-attack. I agree with this philosophy, and I find it difficult to believe that anyone would argue against training employees. However, security staff should do some level of cost-benefit analysis to ensure that the resources expended on training do not exceed the benefits!
August 22, 2012 6:00 PM By Christopher Glyer
August 21, 2012 5:47 PM By John Bradshaw
I remember (way) back in 1989 when I had just started my career in IT, HP came out with a slogan, "We never stop asking, 'What if....'" What I've come to learn as I moved into the realm of responding to security intrusions is that you should never stop asking, "Now what??"
August 20, 2012 2:42 PM By Ryan Kazanciyan