D3 XGEN SOAR for Cryptojacking Attacks


Steps for Orchestrated Cryptojacking Response

Step 1: When D3 is alerted to a potential cryptojacking event, the analyst can trigger an incident-specific cryptojacking playbook.

Step 2: D3 investigates the IOCs, determining the reputation of the URLs and IPs, and blocks them if necessary.

Step 3: Simultaneously, D3 retrieves logs from Datadog or another integrated tool and also retrieves the details of the affected instance.

Step 4: D3 retrieves the security group details of the affected instance, and the analyst decides whether the EC2 instance or hosts need to be quarantined. D3 then quarantines the EC2 instance and takes a volume snapshot.

Step 5: Simultaneously, D3 queries the mapping list to get the McAfee ePO system name, groups, and system details.

Step 6: D3 then orchestrates a scan of the EC2 instance via ePO.

Step 7: Finally, D3 generates a summary report of the incident.
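The quarantine-and-snapshot action in Step 4, written out as an added example that is not D3's own playbook code: the instance's security groups are swapped for an isolation group and each attached EBS volume is snapshotted before any scan runs. `ec2` is any object exposing the boto3 EC2 client calls used here (in production `boto3.client("ec2")`); `FakeEC2` is a constructed in-memory stand-in so the block runs offline, and the instance, volume and group ids are illustrative.

```python
def quarantine_and_snapshot(ec2, instance_id, quarantine_sg, incident_id):
    """Isolate the instance, then snapshot its volumes. Returns the original
    groups (kept for rollback) and the snapshot ids created."""
    inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    original_sgs = [sg["GroupId"] for sg in inst["SecurityGroups"]]
    # Record the pre-quarantine groups on the instance so the change is auditable
    ec2.create_tags(Resources=[instance_id], Tags=[
        {"Key": "IncidentId", "Value": incident_id},
        {"Key": "OriginalSecurityGroups", "Value": ",".join(original_sgs)}])
    # Isolate first: Groups= replaces all groups; the quarantine group should allow no egress
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[quarantine_sg])
    snapshots = []
    for mapping in inst.get("BlockDeviceMappings", []):
        if "Ebs" not in mapping:  # instance-store volumes cannot be snapshotted
            continue
        vol = mapping["Ebs"]["VolumeId"]
        resp = ec2.create_snapshot(VolumeId=vol, Description=f"{incident_id} forensic copy of {vol}")
        snapshots.append(resp["SnapshotId"])
    return {"original_sgs": original_sgs, "snapshots": snapshots}


class FakeEC2:
    """Constructed stand-in for boto3's EC2 client; records every call in memory."""
    def __init__(self, instance):
        self.instances = {instance["InstanceId"]: instance}
        self.snapshots, self.tags = [], []
    def describe_instances(self, InstanceIds):
        return {"Reservations": [{"Instances": [self.instances[i] for i in InstanceIds]}]}
    def modify_instance_attribute(self, InstanceId, Groups):
        self.instances[InstanceId]["SecurityGroups"] = [{"GroupId": g} for g in Groups]
    def create_snapshot(self, VolumeId, Description):
        sid = f"snap-{len(self.snapshots):08x}"
        self.snapshots.append((sid, VolumeId, Description))
        return {"SnapshotId": sid}
    def create_tags(self, Resources, Tags):
        self.tags.append((Resources, Tags))


# Constructed sample: one instance with two EBS volumes and two existing groups
SAMPLE_INSTANCE = {
    "InstanceId": "i-0123456789abcdef0",
    "SecurityGroups": [{"GroupId": "sg-0aaa"}, {"GroupId": "sg-0bbb"}],
    "BlockDeviceMappings": [{"DeviceName": "/dev/xvda", "Ebs": {"VolumeId": "vol-0001"}},
                            {"DeviceName": "/dev/xvdf", "Ebs": {"VolumeId": "vol-0002"}}],
}


def run_sample():
    ec2 = FakeEC2(dict(SAMPLE_INSTANCE))
    result = quarantine_and_snapshot(ec2, SAMPLE_INSTANCE["InstanceId"], "sg-quarantine", "INC-0001")
    return ec2, result
```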


Benefits of Cryptojacking Protection


✔  Full Investigation of Incidents

D3 acts as a bridge between application performance monitoring (APM) tools and security tools, enabling users to turn evidence of cryptojacking into end-to-end, automation-powered investigation and response.

✔  Hybrid Security

D3 integrates with cloud and on-premise tools, empowering incident response that can leverage the entire security stack and span across environments.

✔  Automatic Escalation

Users of Datadog or another APM tool can set up filters to automatically escalate signs of cryptojacking to D3 for investigation.

✔  Act Quickly and Efficiently

By automating cryptojacking response, you can rapidly minimize the damage of attacks with minimal resources used on each incident.
