wiki:start

Differences

This shows you the differences between two versions of the page.

wiki:start [2021/01/10 12:03] – created dkwiki:start [2021/01/10 12:21] (current) dk
Line 24: Line 24:
   *        System Services: Service Execution [T1569.002]   *        System Services: Service Execution [T1569.002]
   *        Compromise Infrastructure [T1584]   *        Compromise Infrastructure [T1584]
 +
 +====== Mitigation steps ======
 +
 +  * Implementing multi factor authentication.
 +  * Monitoring all services for any changes in tokens or keys and for malicious activities.
 +  * Re-evaluating API key integrations, SAML integrations and website configuration files.
 +  * Review all system and security policies.
 +  * Resetting user credentials.
 +  * Consider security auditing.
 +
 +====== Links to get started ======
 +
 +[[https://github.com/fireeye/sunburst_countermeasures|FireEye counter measures]]
 +
 +[[https://github.com/bambenek/research/blob/main/sunburst/uniq-hostnames.txt|Sunburst unique Hostnames]]
 +
 +[[https://blog.securityonion.net/2020/12/solarwinds-supply-chain-attack.html|Security onion blog]]
 +
 +[[https://www.solarwinds.com/securityadvisory|Solarwinds Security Advisory]]
 +
 +[[https://socprime.com/blog/sunburst-backdoor-detection-solarwinds-supply-chain-attack-on-fireeye-and-us-agencies/|SOC prime]]
 +
 +[[https://www.compassitc.com/blog/solarwinds-sunburst-hack-and-you-thought-2020-couldnt-get-any-worse|Compass ITC]]
 +
 +
 +
 +
 +
  
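Review bot: The items under the new "Mitigation steps" heading mix gerund and imperative forms ("Implementing multi factor authentication." next to "Review all system and security policies." and "Consider security auditing."), and none of them says which accounts, services or systems it applies to or in what order the steps should be taken. Suggest rewriting them as parallel imperatives and scoping each one, for example stating whose credentials "Resetting user credentials." covers and whether that reset comes before or after the API key and SAML integration review, so that rotated secrets are not issued through an integration that has not yet been re-evaluated. The "Links to get started" entries are added as separate paragraphs rather than as a list like the technique list above them, their labels are inconsistent ("Solarwinds Security Advisory", "Security onion blog", "FireEye counter measures"), and the hunk ends with several empty added lines that can be dropped.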
wiki/start.txt · Last modified: 2021/01/10 12:21 by dk