Detection engineering enterprise
Reglas unificadas XDR/EDR
Consola unica para reglas de deteccion, Custom IOA, politicas ML/behavioral, IOC rules, Fusion workflows y hunting queries convertibles en controles persistentes.
Inventario tecnico unificado
3 reglas enterprise configuradas
| Regla | Tipo | Accion | Severidad | Host groups | Sensibilidad | Acciones |
|---|---|---|---|---|---|---|
| Custom IOA - Bloquear PowerShell codificado | custom_ioa | alert_and_block | high | workstations, users-standard | 90% |
Ver Editar |
| Policy - Servidores criticos ML agresivo | prevention_policy | block | critical | servers-critical, domain-controllers, database | 96% |
Ver Editar |
| IOC - Bloqueo rapido de campaña activa | ioc_rule | alert_and_block | high | all-endpoints | 87% |
Ver Editar |
Modificar regla
IOC - Bloqueo rapido de campaña activa
ioc_rule
IOC - Bloqueo rapido de campaña activa
alert_and_block · enabled · high
T1071T1105
1. Custom IOA
Comportamiento a la medida
Eventos
network_connection, file_write, process_creation
Procesos
Argumentos
Rutas/Registro
2. Policies + ML Behavioral
Motores internos
Machine Learning
70%
Behavioral Analysis
75%
Exploit Prevention
70%
3. Indicators / IOC Rules
Hash, dominio e IP
Hashes
sha256:malicious-campaign-placeholder
Dominios
c2-campaign.example
IPs
203.0.113.10
FP controls
threat intel expiry review
4. Fusion Workflow
Orquestacion
Triggers
indicator_match
Condiciones
indicator_confidence >= high
Acciones
block_destination
quarantine_file
notify_teams
5. Event Search / Threat Hunting
Regla no persistente convertible
DomainName=c2-campaign.example OR RemoteIP=203.0.113.10