Performing Threat Hunting on Resources

You can perform Threat Hunting on resources.

What it does: Runs an on-demand Threat Scan on a resource using the latest signatures and threat intelligence. The on-demand scan leverages malware and encryption detection techniques, including hash-based checks and YARA rules imported by the user.

When to use: After an incident is suspected or confirmed, when you want to do any of the following:

  • Reassess a resource with updated detection intelligence (signatures/models/IOCs).

  • Validate whether a resource is trending clean or showing signs of infection before selecting an appropriate restore strategy.

  • Rescan backups using the latest signatures and threat intelligence.

Procedure

  1. From the Command Center navigation pane, go to Security center > Threat scan.

    The Threat Scan page appears.

  2. The Resources tab shows the resources that are currently scanned by Threat Scan.


  3. For the resource you want to perform Threat Hunting on, click the Actions button, and then select Threat hunting.

    The Threat hunting dialog box appears.

  4. In the Plan field, select a Threat Scan plan, or create a new one by clicking the add button.

  5. Click Submit.
