Dragos’ April Knowledge Pack is now available to Dragos Platform customers.
Dragos Knowledge Packs are monthly deliveries of the latest threat analytics, ICS/OT device data, and investigation playbooks to ensure our customers are armed with the proactive, comprehensive information needed to better understand their ICS/OT environments and assets and combat advanced threats.
Key highlights of the April Knowledge Pack include:
Expanded ICS/OT protocol inspection and device data for mining-specific assets
Additional detections for General Electric (GE) Mark Controller devices
New protocol dissectors for Emerson Ovation and ABB, including: CSLIB, TOOLSERVER, SSRPC P10009, DB_XMIT, Ovation REM Server, Ovation Alarm, Ovation MGMT
New threat behavior analytics that detect red team behaviors adopted by some ICS adversaries, including: Net.exe command detections, DCSync, PowerShell Empire Recon, PowerShell Empire C2, Cobalt Strike
Lastly, Dragos’ April Knowledge Pack also contains the latest indicators of compromise from the Dragos Intelligence team, as well as custom-authored investigation playbooks to ensure our customers have best-practice response guidance directly from our team of industrial responders and threat hunters.