Network Connections (IP) - IOC / Threat Actors

| Widget | Description | Type |
|---|---|---|
| IOC Actor Details | Displays a list of IOC actor details including source IP, destination IP, etc. | Event List |
| Threat Actors | A pie chart of detected IOCs by associated Threat Actor groups | Pie Chart |
| IOCs without Threat Actors - Associated Locations | Displays a world map of detected IOC threat locations. | World Map |
| Threat Actors - Associated Locations | A world map of detected IOC threat Actor Locations | World Map |
| IOCs without Attribution | Displays a list of IOC lookups that are not attributed to threat actors and organizes them geographically. | Event List |
| Threat Actors - Hits by Country | A time series chart indicating IOC associated country | Time Chart |

CrowdStrike Adversary Tracking - Firewall IOCs

Apply Falcon threat intelligence to your firewall data to see which adversaries are targeting your network. CrowdStrike currently tracks and profiles hundreds of adversaries, and indicator of compromise (IOC) details stream into Falcon Long Term Repository and are updated hourly.

Every adversary is motivated by a specific objective, whether it is financial, espionage or political gain. CrowdStrike uses a two-part cryptonym so adversaries can be easily identified based on these three critical motivating factors:

* Nation-states perform espionage and are identified by their country of origin's national animal, such as BEAR (Russia), PANDA (China), KITTEN (Iran), CHOLLIMA (North Korea), etc.
* SPIDERs are cybercriminals motivated by monetary gain.
* Hacktivists, looking to create political disruption, are JACKALS.

For more information about adversary naming, see the CrowdStrike Adversary Overview.

This dashboard requires a Falcon Long Term Repository license. Your firewall data needs to be normalized to the OpenTelemetry standard. Add firewall parsers from the LogScale marketplace to your ingest feeds to get started.