Monitoring Ransomware Activity
Overview
A dashboard to monitor ransomware activity sighted in your network.
The purpose of this dashboard is to focus your attention on the latest updates of ransomware-related Intrusion Sets and Malware, especially those that have been sighted in your network.
It is a great example of what can be created to build your own Priority Intelligence Requirements dashboard in OpenCTI!
Composition
This dashboard presents various lists that let you immediately see the most relevant knowledge and active threats available in your platform, even if the mention of "ransomware" is only in their description!
The end of the Dashboard gives you some insights about the potential origins of these threats.
Data prerequisites
For this dashboard to work you will need to customize the workflows of your Malware and Intrusion Sets in OpenCTI - you must create “Sighted” and “Not Sighted” statuses for both entities.
The idea is that any Malware or Intrusion Set that contains the "ransomware" keyword should have the “Not Sighted” status by default. Then once an Indicator of Compromise that is related to said Malware/Intrusion Set has been sighted in your network, you change the entity’s status to “Sighted” so that the dashboard will be updated accordingly.
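The status rule described above, sketched as an added example (not OpenCTI's own code and not part of the original page). It assumes STIX 2.1-style objects in which an Indicator is linked to a Malware or Intrusion Set by an "indicates" relationship; the bundle, its shortened ids, and the function names are constructed for illustration.

```python
# Constructed STIX 2.1-style objects; ids are shortened and all values are made up.
BUNDLE = [
    {"type": "malware", "id": "malware--a", "name": "LockerX",
     "description": "Ransomware family delivered via phishing."},
    {"type": "malware", "id": "malware--b", "name": "StealerY",
     "description": "Credential stealer."},
    {"type": "intrusion-set", "id": "intrusion-set--c",
     "name": "Ransomware Crew Z", "description": ""},
    {"type": "indicator", "id": "indicator--1",
     "pattern": "[domain-name:value = 'example.test']"},
    {"type": "indicator", "id": "indicator--2",
     "pattern": "[ipv4-addr:value = '192.0.2.10']"},
    {"type": "relationship", "relationship_type": "indicates",
     "source_ref": "indicator--1", "target_ref": "malware--a"},
    {"type": "relationship", "relationship_type": "indicates",
     "source_ref": "indicator--2", "target_ref": "malware--b"},
    {"type": "sighting", "sighting_of_ref": "indicator--1"},
    {"type": "sighting", "sighting_of_ref": "indicator--2"},
]

TRACKED_TYPES = {"malware", "intrusion-set"}


def is_ransomware_related(obj, keyword="ransomware"):
    """Match the keyword in the name or the description, case-insensitively."""
    text = f"{obj.get('name', '')} {obj.get('description', '')}".lower()
    return obj.get("type") in TRACKED_TYPES and keyword in text


def workflow_statuses(objects):
    """Return {entity id: status} for every ransomware-related entity."""
    # Indicators that have at least one sighting.
    sighted_indicators = {o["sighting_of_ref"] for o in objects
                          if o.get("type") == "sighting"}
    # Entities that a sighted indicator "indicates".
    sighted_targets = {
        o["target_ref"] for o in objects
        if o.get("type") == "relationship"
        and o.get("relationship_type") == "indicates"
        and o.get("source_ref") in sighted_indicators
    }
    # "Not Sighted" is the default; only a sighted indicator flips it.
    return {
        o["id"]: "Sighted" if o["id"] in sighted_targets else "Not Sighted"
        for o in objects if is_ransomware_related(o)
    }
```

In this sample, StealerY has a sighted indicator but no "ransomware" mention, so it gets no status and would not appear on the dashboard.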