We are happy to announce an update to the Threat Detection Add-On SD Script for eyeInspect:
Threat Detection Add-On v1.2
This SD Script extends the detection capabilities of the ITL module of SilentDefense/eyeInspect by inspecting protocol-specific messages.
With this update, the OT Threat Detection Add-On gains additional detection capabilities, including detection of the SolarWinds supply chain cyber-attack: on monitored network traffic it identifies communications of the SUNBURST malware, which is delivered via the compromised SolarWinds Orion update, with coverage equivalent to the Snort rules released by FireEye.
Download and install the Threat Detection Add-On v1.2 to gain the following additional capabilities:
- Detection of SUNBURST backdoor communications related to the SolarWinds supply chain cyber-attack
- Detection of Cobalt Strike Beacon communications related to the SolarWinds supply chain cyber-attack
- Improved DNS-related detection logic: overly strict length checks had been causing false positives
This content update is supported by the following releases:
- SilentDefense/eyeInspect version 3.13.0 and up
- SilentDefense releases up to and including 4.1.x require additional scripts to reach equivalent detection capabilities
The SD Script profile must be uploaded to the eyeInspect Command Center. For the Threat Detection Add-On, the accompanying CSV file must also be uploaded to the eyeInspect Command Center. Please be advised that this CSV comes in two versions, a US regional version and a global version; upload the version that matches your system's regional settings.
Download the module and related documentation from the Downloads / Resources section of the OT Customer portal at https://portal.secmatters.com/.