03-15-2023 09:37 AM
I cannot for the life of me find anything more about the Discovery Event “Host IOC Set” except for:
This event is generated when an IOC (Indications of Compromise) is set for a host and generates an alert.
What does that mean?
Many of the events have a category of Impact 2 Attack; Event Type: Impact 2 Intrusion Event - web-application-attack.
What do I do about this?
03-15-2023 11:10 AM
This means any of the hosts is compromised; it will generate an alert to your SIEM and generate a ticket to investigate the host.
This will generate various correlations of data.
What do I do about this? <- If you get these alerts you need to investigate this host (any malware or any other infection). Generally, take it out of the network and investigate; the suggested method is always to re-image to protect the network.
03-15-2023 11:21 AM
How do I determine what has compromised the host?
03-15-2023 07:55 PM
The logs will be generated depending on the config and deployment.
You need to read more about the deployment of IPS.