Understand Threat Activity

A primary part of your daily workflow likely includes understanding active threat activity in your organization’s network. To help you understand threat activity, the Cybereason platform generates MalOps to identify likely malicious behavior. A MalOp, or malicious operation, ties together the attack chain, or the complete, end-to-end story of a cyber attack. Through advanced detection techniques, Cybereason recognizes when multiple suspicious activities are likely part of a single security incident, and generates a MalOp that provides security analysts with a single point of investigation.

This section presents information about how to understand, manage, and remediate MalOps in your Cybereason platform:

  1. View MalOps in the Malops management screen:

    If you are unsure whether your environment is based on the newer Data Platform model, use the following image as a guide:

    Malops management screens

  2. Learn about the different types of MalOps and their components: Malop Types and Components

  3. Learn how endpoint data becomes a MalOp: Fact to MalOp

  4. Learn how MalOp activity is grouped: MalOp Grouping

  5. Learn how to understand the activity in a MalOp: Examine MalOp Details

  6. Learn how to analyze the MalOp details to determine the malicious nature of the activity: Analyze MalOp properties to determine threat level

  7. Learn how to manage the MalOp workflow: Manage the MalOp Workflow

  8. Choose a response option. The Cybereason platform provides a number of response options, including the ability to:

  9. Exclude benign behavior from triggering additional MalOps

Looking for XDR MalOps? See Examine XDR Malops.