Malware threat hunting is the process of proactively searching for malicious activity. It is a critical part of any organization’s security posture, as it can help to identify and mitigate threats that may have otherwise gone undetected.
Sigma rules and YARA rules are two powerful tools that can be used for detection and malware threat hunting. Sigma is an open rule language that can be used to describe malicious activity.
Many Sigma rules can be converted into YARA rules for use with the VT YARA module to match data from our in-house and external sandboxes and behavioral engines. You can then use the VirusTotal IOC Stream to view the YARA matches on new file analyses.
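A minimal sketch of such a conversion, added here as an example and not taken from the VirusTotal article or its tooling. It handles only a rule whose condition is a single selection over `CommandLine`; the mapping of that field to `vt.behaviour.command_executions` is an assumption, and the sample rule is constructed.

```python
import re

# Sigma string modifiers -> YARA case-insensitive operators (Sigma matches case-insensitively).
OPS = {"contains": "icontains", "startswith": "istartswith", "endswith": "iendswith"}
# Assumed mapping of a Sigma process_creation field onto a vt-module behaviour array.
FIELDS = {"CommandLine": "vt.behaviour.command_executions"}

def yara_str(value):
    # Quote a value as a YARA text string, escaping backslashes and double quotes.
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def convert_selection(selection):
    """Turn one Sigma selection map into a YARA boolean expression."""
    clauses = []
    for key, values in selection.items():
        field, *mods = key.split("|")
        if field not in FIELDS or set(mods) - set(OPS) - {"all"}:
            raise ValueError(f"unsupported field or modifier: {key}")
        op = next((OPS[m] for m in mods if m in OPS), "iequals")
        values = values if isinstance(values, list) else [values]
        # "all" requires every value in the same event; the default is any one value.
        joiner = " and " if "all" in mods else " or "
        inner = joiner.join(f"e {op} {yara_str(v)}" for v in values)
        clauses.append(f"for any e in {FIELDS[field]} : ({inner})")
    return " and ".join(f"({c})" for c in clauses)  # keys of a selection are ANDed

def sigma_to_yara(rule):
    """Convert a parsed Sigma rule whose condition names a single selection."""
    detection = rule["detection"]
    name = detection["condition"]
    if not isinstance(detection.get(name), dict):
        raise ValueError("only 'condition: <selection>' is handled here")
    ident = re.sub(r"\W+", "_", rule["title"]).strip("_")
    expr = convert_selection(detection[name])
    return f'import "vt"\n\nrule {ident}\n{{\n    condition:\n        {expr}\n}}\n'

# Constructed sample rule, as it would look after YAML parsing.
SAMPLE = {
    "title": "Certutil URL Cache Download",
    "detection": {
        "selection": {"CommandLine|contains|all": ["certutil", "urlcache"]},
        "condition": "selection",
    },
}

if __name__ == "__main__":
    print(sigma_to_yara(SAMPLE))
```

Sigma features outside this subset (multiple selections, filters, `re` or `base64` modifiers) raise `ValueError` rather than producing a rule that silently matches something else.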
This article has been indexed from VirusTotal Blog