FireEye, one of today's top cybersecurity companies, has released a new pre-configured virtual machine (VM) that was specifically set up to help threat intelligence analysts hunt down adversaries.
Named the ThreatPursuit VM, this is a Windows 10 installation that comes with more than 50 software programs that are commonly used by threat intel analysts.
The idea behind ThreatPursuit is to provide companies with a ready-made OS that can be deployed to new workstations before, during, or after a security incident and provide threat intel analysts with a ready-to-use work environment.
For example, ThreatPursuit could be deployed to tens or hundreds of machines at the same time and scale up a security firm's incident response capabilities.
It can also be deployed on computers inside a customer's network when providing incident response in a remote location, where a victim company may be lacking a threat analysis environment.
ThreatPursuit comes preinstalled with a wide range of tools
More than 50 tools are currently included with ThreatPursuit. The tools range across multiple categories.
There are tools preinstalled in ThreatPursuit that can be used by threat intel analysts to feed indicators of compromise (IOCs) like URLs and file hashes into local or remote MISP platforms.
There are also tools that let analysts visualise the connections between servers and malware samples as graphs, as well as tools for emulating attackers and their intrusion patterns against a company's network.
The full list of tools is below, as available today on ThreatPursuit's GitHub repository[1]:
Development, Analytics and Machine Learning Tools:
- Shogun
- TensorFlow
- PyTorch
- RStudio
- RTools
- Darwin
- Keras
- Apache Spark
- Elasticsearch
- Kibana
- Apache Zeppelin
- Jupyter Notebook
- MITRE Caret
- Python (x64)
Visualisation Tools:
- Constellation
- Neo4j
- CMAP
Triage, Modelling & Hunting Tools:
- MISP
- OpenCTI
- Maltego
- Splunk
- MITRE ATT&CK