From a750a23b2445a3fb4ea390c5c13f3670f4debfa5 Mon Sep 17 00:00:00 2001 From: Mike McNeil Date: Mon, 22 Jan 2024 18:28:56 -0600 Subject: [PATCH] =?UTF-8?q?=F0=9F=95=B3=EF=B8=8F=F0=9F=91=96=20vs=20?= =?UTF-8?q?=F0=9F=90=8D=F0=9F=91=96=20(#16265)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Malware detection is not exclusively "vuln management" (arguably not VM at all) like finding a snake in your pants vs a hole in your pants --- handbook/company/pricing-features-table.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/handbook/company/pricing-features-table.yml b/handbook/company/pricing-features-table.yml index 950e6ec2da..0c897f880a 100644 --- a/handbook/company/pricing-features-table.yml +++ b/handbook/company/pricing-features-table.yml @@ -187,7 +187,7 @@ # ╔╦╗╔═╗╦ ╦ ╦╔═╗╦═╗╔═╗ ╔╦╗╔═╗╔╦╗╔═╗╔═╗╔╦╗╦╔═╗╔╗╔ ┌─╦ ╦╔═╗╦═╗╔═╗─┐ # ║║║╠═╣║ ║║║╠═╣╠╦╝║╣ ║║║╣ ║ ║╣ ║ ║ ║║ ║║║║ │ ╚╦╝╠═╣╠╦╝╠═╣ │ # ╩ ╩╩ ╩╩═╝╚╩╝╩ ╩╩╚═╚═╝ ═╩╝╚═╝ ╩ ╚═╝╚═╝ ╩ ╩╚═╝╝╚╝ └─ ╩ ╩ ╩╩╚═╩ ╩─┘ -- industryName: Malware detection (YARA) # TODO: consider: technically more than YARA, consider generalizing this and including the concept of comparing known binary hashes (either via live query or in the data lake to compare threat intel feed) +- industryName: Malware detection (YARA/custom IoCs) # TODO: consider: technically more than YARA, consider generalizing this and including the concept of comparing known binary hashes and other IoCs (either via live query or in the data lake to compare threat intel feed) friendlyName: Scan files for malware signatures description: Report and trigger automations when malware or other unexpected files are detected on a host using YARA signatures. documentationUrl: https://fleetdm.com/tables/yara 
@@ -195,7 +195,7 @@ dri: mikermcneil usualDepartment: Security productCategories: [Endpoint operations,Vulnerability management] - pricingTableCategories: [Vulnerability management] + pricingTableCategories: [Endpoint operations,Vulnerability management] buzzwords: [YARA scanning,Cyber Threat Intelligence (CTI),Indicators of compromise (IOCs),Antivirus (AV),Endpoint protection platform (EPP),Endpoint detection and response (EDR),Malware detection,Signature-based malware detection,Malware scanning,Malware analysis,Anomaly detection] demos: - description: A top media company used Fleet policies with YARA rules to continuously scan host filesystems for malware signatures provided by internal and external threat intelligence teams.
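Review bot: In the first hunk the `industryName` label is widened to "Malware detection (YARA/custom IoCs)", but `friendlyName` ("Scan files for malware signatures"), `description` ("...using YARA signatures.") and `documentationUrl` (https://fleetdm.com/tables/yara) on the same entry still describe YARA only, so the pricing table will advertise custom IoC matching that the visible row does not document; either update `description` to mention hash/IoC comparison or keep the label YARA-only until the TODO in the trailing comment is resolved. Minor: the new label spells "IoCs" while the `buzzwords` list in the next hunk uses "Indicators of compromise (IOCs)", so pick one capitalization.

Review bot: In the second hunk `pricingTableCategories` becomes `[Endpoint operations,Vulnerability management]`, yet the commit message argues malware detection is "arguably not VM at all"; if that is the position, drop `Vulnerability management` from `pricingTableCategories` here (it is still listed), or add a short comment on the line explaining why the feature intentionally stays in both pricing columns so the next editor does not reopen the question.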