Cyber Threats in ESM Flashcards

1
Q

What is Threat Intelligence?

A

Threat intelligence is data that is collected, processed, and analyzed to understand a threat actor’s motives, targets, and attack behaviors.

https://www.crowdstrike.com/cybersecurity-101/threat-intelligence/

2
Q

What are STIX, TAXII and CybOX?

A

These are data exchange formats for sharing cybersecurity situational awareness, real-time network defense information, and sophisticated threat analysis.

3
Q

What does TAXII stand for?

A

Trusted Automated Exchange of Indicator Information (TAXII) is a set of specifications for exchanging cyberthreat information, such as STIX, to help organizations share information with their partners.

4
Q

What does STIX stand for?

A

Structured Threat Information Expression (STIX) is a standardized language for representing and communicating cyberthreat information. The STIX language has a number of constructs or components, such as Indicator, Exploit Target, Threat Actor, and many more.

5
Q

What does CybOX stand for?

A

CybOX provides a common structure for representing cyber observables across and among the operational areas of cybersecurity. Cyber observables can be dynamic events or stateful properties. Examples include an email message received from a specific address, a network connection established to a specific address, the MD5 hash of a file, a registry key, etc.

6
Q

Mention at least 3 types of indicators that are supported in ESM

A

These are the supported indicator types in ESM (each indicator type maps to a watchlist type):
* Email Address
* File Name, File Path
* (Flows) IPv4, IPv6
* (Flows) MAC Address
* Fully Qualified Domain Name
* IPv4, IPv6
* MAC Address
* MD5 Hash
* SHA1 Hash
* Subject
* URL
* Username
* Windows Registry Key
* Windows Registry Value

7
Q

How do you manually add a Cyber Threat Feed on ESM?

A
  • Click System Properties
  • Select Cyber Threat Feed
  • Click Add
  • Enter a name for the feed
  • Select Manual Upload
  • Set the indicator type to append to a watchlist (optional)
  • Select the type of events or flows and how far back this data is analyzed
  • Click Finish
  • Click Upload
  • Finally, select the STIX file

8
Q

What is a Content Pack on a SIEM?

A

It’s a group of use-case-driven correlation rules, alarms, views, reports, variables, and watchlists packaged together to address specific malware or threat activity.
