Endpoint Incident Response using IOC Editor by FireEye
IOC Editor by FireEye is a free tool that provides an interface for managing the data in, and manipulating the logical structure of, Indicators of Compromise (IOCs). In the OpenIOC format that the editor works with, IOCs are XML documents that help incident responders capture diverse information about threats, including attributes of malicious files, characteristics of registry changes, and artifacts in memory.
The IOC Editor includes:
- Manipulation of logical structures that define the IOC
- Application of meta-information to IOCs, including detailed descriptions or arbitrary labels
- Conversion of IOCs into XPath filters
- Management of lists of “terms” used within IOCs
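The "logical structure" that the editor manipulates is a tree of `Indicator` nodes (combined with AND/OR operators) whose leaves are `IndicatorItem` terms, each pairing a `Context` search path such as `FileItem/Md5sum` with a `Content` value and a condition. The following is an added example, not code shipped with IOC Editor or FireEye: it parses a constructed OpenIOC 1.0 document and evaluates that tree against constructed host snapshots, reporting which terms hit. The IOC, its identifiers, the placeholder hash and the host data are all made up for illustration.

```python
"""Evaluate the logical structure of an OpenIOC 1.0 document against host artifacts.

Added example (not FireEye/Mandiant code). The IOC and host snapshots below are
constructed; the MD5, file names and registry paths are placeholders.
"""
import xml.etree.ElementTree as ET

# Default namespace of OpenIOC 1.0 documents as written by IOC Editor.
NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}

# Constructed IOC: hit if a file with the placeholder hash exists, OR a file whose
# name contains "svch0st" exists AND a Run-key persistence entry exists.
SAMPLE_IOC = r"""<ioc xmlns="http://schemas.mandiant.com/2010/ioc"
     id="11111111-2222-3333-4444-555555555555" last-modified="2020-01-01T00:00:00">
  <short_description>Example dropper (constructed)</short_description>
  <authored_by>example</authored_by>
  <definition>
    <Indicator operator="OR" id="ind-root">
      <IndicatorItem id="item-hash" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">0123456789abcdef0123456789abcdef</Content>
      </IndicatorItem>
      <Indicator operator="AND" id="ind-persist">
        <IndicatorItem id="item-name" condition="contains">
          <Context document="FileItem" search="FileItem/FileName" type="mir"/>
          <Content type="string">svch0st</Content>
        </IndicatorItem>
        <IndicatorItem id="item-runkey" condition="contains">
          <Context document="RegistryItem" search="RegistryItem/Path" type="mir"/>
          <Content type="string">CurrentVersion\Run</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>
"""


def _local(tag):
    """Strip the namespace from an ElementTree tag ('{ns}Indicator' -> 'Indicator')."""
    return tag.rsplit("}", 1)[-1]


def _term_matches(condition, content, value):
    """Apply one IndicatorItem condition to one artifact field (case-insensitive)."""
    if value is None:
        return False
    value = str(value)
    if condition == "is":
        return value.lower() == content.lower()
    if condition == "contains":
        return content.lower() in value.lower()
    raise ValueError(f"unsupported condition {condition!r}")


def evaluate_ioc(ioc_xml, host):
    """Return (overall_hit, set of matching IndicatorItem ids).

    host maps a document type ('FileItem', 'RegistryItem', ...) to a list of dicts
    keyed by the remainder of the Context search path ('Md5sum', 'Path', ...).
    Simplification: a term hits if ANY artifact of its document type matches; a full
    engine correlates terms within one document instance. Parse IOC files from
    untrusted sources with defusedxml rather than plain ElementTree.
    """
    root = ET.fromstring(ioc_xml)
    definition = root.find("ioc:definition", NS)
    hits = set()

    def walk(node):
        tag = _local(node.tag)
        if tag == "IndicatorItem":
            ctx = node.find("ioc:Context", NS)
            content = (node.find("ioc:Content", NS).text or "").strip()
            doc, _, field = ctx.get("search").partition("/")
            matched = any(
                _term_matches(node.get("condition"), content, artifact.get(field))
                for artifact in host.get(doc, [])
            )
            if matched:
                hits.add(node.get("id"))
            return matched
        if tag == "Indicator":
            # Evaluate every child (no short-circuit) so partial hits are still reported.
            results = [walk(c) for c in node if _local(c.tag) in ("Indicator", "IndicatorItem")]
            if not results:
                return False  # an empty Indicator must never match
            op = node.get("operator", "AND").upper()
            if op == "AND":
                return all(results)
            if op == "OR":
                return any(results)
            raise ValueError(f"unsupported operator {op!r}")
        raise ValueError(f"unexpected element {tag!r} inside definition")

    return any(walk(c) for c in list(definition)), hits


# Constructed host snapshots (what an endpoint collector would hand the evaluator).
HOST_CLEAN = {"FileItem": [{"FileName": "notes.txt", "Md5sum": "ffffffffffffffffffffffffffffffff"}]}
HOST_HASH_HIT = {"FileItem": [{"FileName": "a.bin", "Md5sum": "0123456789ABCDEF0123456789ABCDEF"}]}
HOST_PERSIST_HIT = {
    "FileItem": [{"FileName": "svch0st.exe", "Md5sum": "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"}],
    "RegistryItem": [{"Path": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"}],
}
HOST_PARTIAL = {"FileItem": [{"FileName": "svch0st.exe", "Md5sum": "dddddddddddddddddddddddddddddddd"}]}

if __name__ == "__main__":
    for name, host in [("clean", HOST_CLEAN), ("hash", HOST_HASH_HIT),
                       ("persist", HOST_PERSIST_HIT), ("partial", HOST_PARTIAL)]:
        print(name, evaluate_ioc(SAMPLE_IOC, host))
```

Returning the set of matched term ids alongside the overall verdict is deliberate: a responder triaging a host that only partially matches (the "partial" snapshot above) wants to know which branch of the IOC fired, not just that the top-level OR evaluated to false.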
From an incident response perspective, identifying patient zero during an incident or infection is just the tip of the iceberg. A responder must gather evidence, artifacts, and data about every compromised system, and having the right tool to execute these actions is a must. Not only does such a tool automate much of this collection, it also helps the responder reduce the time needed to resolve the incident.