sophos / solarwinds-threathunt Public

Notifications You must be signed in to change notification settings
Fork 12
Star 33

Threathunt details for the Solarwinds compromise

GPL-3.0 license

33 stars 12 forks Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 43 Commits
LICENSE		LICENSE
README.md		README.md
find-solarwinds.sql		find-solarwinds.sql
ioc-hunt.md		ioc-hunt.md
iocs.csv		iocs.csv
query-for-central.sql		query-for-central.sql
splunk-searches.md		splunk-searches.md

Repository files navigation

Threathunt for the Solarwinds Compromise

IOCs

Published coallated IOCs for this attack

CSV of Published IOCs - https://github.com/sophos-cybersecurity/solarwinds-threathunt/blob/master/iocs.csv

RAW IOCs - https://raw.githubusercontent.com/sophos-cybersecurity/solarwinds-threathunt/master/iocs.csv

Sophos Central Live Discover

Queries for Sophos Live Discover

Check if a server has Solarwinds and is vulnerable - https://github.com/sophos-cybersecurity/solarwinds-threathunt/blob/master/find-solarwinds.sql
Check for the specific IOCs listed by Fireeye - https://github.com/sophos-cybersecurity/solarwinds-threathunt/blob/master/ioc-hunt.md

Splunk Searches

Useful Splunk searches for threathunting - https://github.com/sophos-cybersecurity/solarwinds-threathunt/blob/master/splunk-searches.md

About

Threathunt details for the Solarwinds compromise

GPL-3.0 license

Custom properties

Report repository

Releases

No releases published

Packages

No packages published

Contributors 3