
How do I add custom search patterns for detection



We use ESET Protect 10.1.1291.0.

A customer has not only a VPN tunnel to us, but also to another IT partner. This IT partner was individually attacked and has now provided an individual list of IOC hashes as well as a list of attacking IPs.

For the moment, there is no indication that the customer's network had been compromised. Nevertheless, I would like to scan my network as well for signs of intrusion, as I have no information whether this IT partner reported anyway to update standard AV search databases.

How could I extend the ESET databases for the full client file scan and the IDS/HIPS for all clients?

 


  • Administrators

You can send the list of hashes to samples[at]eset.com for a check in case we've got such samples. As for blocking network communication with IP addresses, you can create a blocking firewall rule with the IP addresses listed.

It's also possible to block SHA1 of files via our XDR solution ESET Inspect.
