GIBTIA_Compromised_mule
Author: Hesham Saad
⚠️ Not listed in Solution JSON: This content item was discovered by scanning the solution folder but is not included in the official Solution JSON file. It may be a legacy item, under development, or excluded from the official solution package.
Tables Used
This content item queries data from the following tables:
Additional Documentation
📄 Source: readme.md
Ingest Group-IB Threat Intelligence & Attribution Feeds and Indicators Collections
Author: Hesham Saad
Group-IB Azure Sentinel playbooks, designed by the Group-IB team and supported by the Microsoft team, ingest Threat Intelligence & Attribution feeds and indicators from multiple Group-IB data collections and write them to the Microsoft Security Graph API, so that they appear in the Azure Sentinel ThreatIntelligenceIndicators table and in custom log tables for adversaries, threat actors, etc.
There are a number of pre-configuration steps required before deploying the playbooks.
Group-IB Sentinel Playbooks Collections Detailed Description
- "GIBIndicatorProcessor" Playbook
  This playbook is used by all other GIB playbooks to send indicators to the Microsoft Security Graph API.
- "GIBTIA_APT_Threats" Playbook
  a. Collection: apt/threat
  b. Has Indicators: Yes
  c. Indicators Content:
     GIB APT Threat Indicator(IPv4)
     GIB APT Threat Indicator(domain)
     GIB APT Threat Indicator(url)
     GIB APT Threat Indicator(md5)
     GIB APT Threat Indicator(sha256)
     GIB APT Threat Indicator(sha1)
  d. Description:
     Group-IB continuously monitors activities undertaken by hacker groups and investigates, collects, and analyzes information about all emerging and ongoing attacks. Based on this information, we provide IOCs related to APT group attacks.
- "GIBTIA_APT_ThreatActor" Playbook
  a. Collection: apt/threat_actor
  b. Has Indicators: No
  c. Indicators Content: N/A
  d. Description:
     This collection contains APT groups' info, with detailed descriptions.
- "GIBTIA_Attacks_ddos" Playbook
  a. Collection: attacks/ddos
  b. Has Indicators: Yes
  c. Indicators Content:
     GIB DDoS Attack(IPv4)
  d. Description:
     The "DDoS attacks" collection contains DDoS attack targets and C2 indicators.
- "GIBTIA_Attacks_deface" Playbook
  a. Collection: attacks/deface
  b. Has Indicators: Yes
  c. Indicators Content:
     GIB Attack Deface(url)
  d. Description:
     The "Deface" collection contains information about online resources that have become subject to defacement attacks (the visual content of a website being substituted or modified).
[Content truncated...]