
RAI2313_0001: Perform malware analysis via SOLDR

Summary

ID RAI2313_0001
Brief Description This response action is intended to perform malware analysis of a chosen file
Author Alex@Cyberok
Creation Date 2023/02/03
Modification Date 2023/03/30
Requirements
  • software
Tags
  • Malware Analysis
  • Linux
  • Windows
  • Macos
Means of action
  • SOLDR
    cpe:2.3:a:soldr:soldr:*:*:*:*:*:*:*:*
Targets of action
Linked Response Actions

Description

The Sandbox module sends files for checking and malware analysis directly from the SOLDR (XDR) interface.

Target system requirements

1) Installed SOLDR agent.

Requirements for means of action

1) Enabled "Sandbox" module.

Expected impact result

1) Get a verdict for the file (clean, suspicious, malware).

Implementations

Set up module

1) some info

Module usage example

2) more info