FortiSOAR Discussions
Anonymous

Sunburst Attack Response with Automated IOC Hunting Playbook

The Sunburst Attack Solution Pack is designed to help security teams investigate and respond to indicators of compromise (IOCs) related to the Sunburst Attack, also known as the SolarWinds breach. This attack is a highly sophisticated supply chain attack that has compromised numerous large organizations. Here's a breakdown of the key functionalities of this solution pack:

Download IOCs from CSV file: This step involves retrieving indicator of compromise (IOC) data from a CSV file. IOCs are pieces of information that may indicate a security incident or compromise. In the context of the Sunburst Attack, these IOCs could include IP addresses, domain names, file hashes, URLs, or other data that is known to be associated with the attack. By importing this data from a CSV file, the solution pack ensures that the latest known indicators are available for analysis.

Create Alerts: Once the IOCs are downloaded, the solution pack proceeds to create alerts within the FortiSOAR™ platform. In this case, the alerts are based on the IOCs related to the Sunburst Attack. These alerts serve as triggers for further investigation and response actions.

Sunburst IOC Hunt Playbook: The Sunburst IOC Hunt Playbook, at the heart of the solution pack, orchestrates the response to Sunburst Attack indicators by automating the hunting process within your network and systems. Upon detection of any suspicious activity, it initiates responses such as isolating affected systems, collecting forensic evidence, blocking malicious IP addresses, or notifying relevant personnel. This significantly enhances security team effectiveness by minimizing manual effort and facilitating rapid threat mitigation.
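The three steps above (load IOCs from a CSV, create one alert per IOC, hunt for matches and enrich the alert) can be illustrated end to end in plain Python. This is an added example, not code from the Sunburst Attack Solution Pack and not a FortiSOAR API; the CSV rows, log lines, indicator values and the `status`/`matched_events` fields are constructed placeholders chosen for the demonstration.

```python
"""Added example: a minimal IOC-hunt pipeline mirroring the three steps of
the solution pack (load IOCs from CSV, create alerts, hunt for matches).
Not FortiSOAR's code; uses no FortiSOAR API. All values are constructed."""
import csv
import io
import re

# Constructed IOC CSV. Values are placeholders (TEST-NET ranges, example
# domains, an all-zero hash), not real Sunburst indicators. One row is
# malformed on purpose to show that the loader skips it.
IOC_CSV = """type,value,description
ip,198.51.100.23,placeholder C2 address
domain,bad.example.net,placeholder C2 domain
domain,other.example.org,placeholder domain with no activity in the logs
sha256,0000000000000000000000000000000000000000000000000000000000000001,placeholder DLL hash
url,,malformed row with empty value
"""

# Constructed syslog-like lines; not real telemetry.
LOG_LINES = [
    "2024-01-01T10:00:01Z host1 dns query=bad.example.net",
    "2024-01-01T10:00:02Z host2 conn dst=203.0.113.9 dport=443",
    "2024-01-01T10:00:03Z host1 conn dst=198.51.100.23 dport=443",
    "2024-01-01T10:00:04Z host3 file sha256=0000000000000000000000000000000000000000000000000000000000000001",
]

SUPPORTED_TYPES = {"ip", "domain", "sha256", "url"}


def load_iocs(csv_text):
    """Step 1: parse IOCs from CSV text, normalising case and skipping
    rows with an unknown type or an empty value."""
    iocs = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        ioc_type = (row.get("type") or "").strip().lower()
        value = (row.get("value") or "").strip().lower()
        if ioc_type not in SUPPORTED_TYPES or not value:
            continue
        iocs[value] = {"type": ioc_type, "description": row.get("description") or ""}
    return iocs


def create_alerts(iocs):
    """Step 2: one alert record per IOC, as the pack does before hunting.
    Field names here are constructed, not FortiSOAR's schema."""
    return [
        {
            "name": f"Sunburst IOC: {meta['type']} {value}",
            "ioc_type": meta["type"],
            "ioc_value": value,
            "description": meta["description"],
            "status": "Open",
            "matched_events": [],
        }
        for value, meta in iocs.items()
    ]


def hunt(alerts, log_lines):
    """Step 3: scan log lines for each alert's IOC value and attach the
    matching events. Tokenising on whitespace and '=' makes 'dst=1.2.3.4'
    yield '1.2.3.4' as its own token, avoiding substring false positives."""
    token_re = re.compile(r"[\s=]+")
    by_value = {a["ioc_value"]: a for a in alerts}
    for line in log_lines:
        for token in token_re.split(line):
            alert = by_value.get(token.lower())
            if alert is not None:
                alert["matched_events"].append(line)
    for alert in alerts:
        alert["status"] = "Confirmed" if alert["matched_events"] else "No activity"
    return alerts


def run_pipeline(csv_text=IOC_CSV, log_lines=LOG_LINES):
    """Run all three steps and return the enriched alerts."""
    return hunt(create_alerts(load_iocs(csv_text)), log_lines)


if __name__ == "__main__":
    for alert in run_pipeline():
        print(f"{alert['name']}: {alert['status']} ({len(alert['matched_events'])} event(s))")
```

Alerts whose IOC never appears in the logs stay in the set with the status `No activity`, so the analyst can see which indicators were checked as well as which ones fired; in a real playbook the `Confirmed` branch is where isolation, evidence collection or blocking steps would be attached.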


Reference: https://fortisoar.contenthub.fortinet.com//detail.html?entity=sunburstAttack&version=1.0.1&type=solu...
