Respond to MalOps (Analysts)

As an analyst, your main task is to analyze MalOps and decide how to respond.

What are MalOps?

MalOps are indications that an advanced attack has occurred. MalOps provide the complete story of the malicious activity detected by the Cybereason platform. MalOps bring together a pattern of malicious behavior, detailed in the MalOp details, and also help you understand which processes, users, machines, and communications were involved in and affected by the MalOp.

The Cybereason platform detects MalOps using proprietary detection rules based on all collected data. You manage MalOps from the Malops management screen.

Malops management card view

To learn more about MalOps, see:

Analyze and triage MalOps

You use the Malops management screen to follow the MalOp analysis and remediation workflow.

To learn more about how to use the MalOp workflow, see:

  1. View Malops (if you do not have the new Data Platform) or View MalOps with the Data Platform Architecture (if you have the new Data Platform)

  2. Analyze MalOps and Determine Threat Level

  3. Manage the MalOp Workflow

  4. Remediate MalOps

To learn more about handling MalOps, see Understand Threat Activity.

For L3 analysts - manage organizational intelligence

As an L3 analyst, you can manage organization-wide security information and intelligence. This includes updating your private threat intelligence reputation database, creating behavioral allowlisting rules, and creating custom detection rules.

To learn more about how to use reputations, see:

Security Page

Videos

Watch this video to learn how to respond to MalOps using the Malops management screen:

Watch this video to learn how to perform remediation on MalOps:

Watch this video to learn about the MalOp workflow:

Watch this video to learn about machine isolation:

Watch this video to learn how to use the Remote Shell for remediation:

Training courses

We recommend enrolling in Cybereason Academy online training courses for analysts:

Cybereason Academy