Threat hunting with Cymon API

Introduction

In this article, we’ll discuss mock intrusion attempts on our systems and show you how to make use of Cymon to query important information that you can use in an effective threat hunt. In our case, we’ll demonstrate how we halted the progression of the attack, effectively stopping it in its tracks.

It should be noted that although the discussed scenarios are entirely fictional, they are very possible in today’s world of increasing .

Introduction to the Cymon API

Cymon is the largest tracker of malware, , botnets, spam and more. It is maintained by the private company eSentire. Cymon allows you to:

Search threat reports for free. Reports could include reported IPs, domains, binary hashes and so much more.

Collaborate with other researchers. Cymon allows you to create your own feed and invite users to contribute IoCs or submit reports to other feeds.

Export feeds. You are able to export your own feeds or public ones.

Integrate with existing tools. Cymon allows you to integrate with existing tools in order to deliver on threat intelligence.

The above functions can be performed directly on the Cymon app or by interacting with the provided
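As an added illustration of the "search threat reports" and "integrate with existing tools" uses described above (this is example code written for this page, not Cymon's or eSentire's own client), the script below pulls source IPs out of a few constructed firewall log lines, drops internal addresses, looks each remaining IP up against a threat-report search endpoint, and returns the ones with at least one report so a hunter can prioritise them. The endpoint URL layout, the JSON shape (`total` / `hits` with `tags`), and the bearer-token header are assumptions to be checked against the provider's current documentation; the transport is injectable, so the script runs offline against the embedded sample responses and a real HTTP transport can be swapped in.

```python
import ipaddress
import json
import re
import urllib.request
from typing import Callable, Dict, List

# Assumed endpoint layout for an IoC search by IP; verify against the
# provider's API documentation before using it against the live service.
CYMON_IOC_SEARCH = "https://api.cymon.io/v2/ioc/search/ip/{ip}"

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Address ranges we treat as internal and never send to an external API.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]

# Constructed sample firewall log lines (not from the article). The external
# addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOGS = [
    "2023-04-01T10:00:01Z DENY src=203.0.113.45 dst=10.0.0.5 dport=22",
    "2023-04-01T10:00:02Z ALLOW src=10.0.0.7 dst=10.0.0.5 dport=443",
    "2023-04-01T10:00:03Z DENY src=198.51.100.9 dst=10.0.0.5 dport=3389",
    "2023-04-01T10:00:04Z DENY src=203.0.113.45 dst=10.0.0.6 dport=23",
]

# Constructed API responses keyed by request URL; the field names are an
# assumption about the service's JSON, used only to make this run offline.
SAMPLE_RESPONSES = {
    CYMON_IOC_SEARCH.format(ip="203.0.113.45"): json.dumps({
        "total": 2,
        "hits": [
            {"title": "SSH brute force source", "tags": ["ssh-bruteforce"], "reported_by": "feed-a"},
            {"title": "Telnet scanner", "tags": ["scanner"], "reported_by": "feed-b"},
        ],
    }),
    CYMON_IOC_SEARCH.format(ip="198.51.100.9"): json.dumps({"total": 0, "hits": []}),
}


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def extract_external_ips(lines: List[str]) -> List[str]:
    """Return unique non-internal IPv4 addresses in first-seen order."""
    seen: List[str] = []
    for line in lines:
        for ip in IPV4_RE.findall(line):
            if not is_internal(ip) and ip not in seen:
                seen.append(ip)
    return seen


def offline_fetch(url: str) -> str:
    """Transport that answers from the embedded sample responses."""
    return SAMPLE_RESPONSES.get(url, json.dumps({"total": 0, "hits": []}))


def live_fetch(url: str, token: str) -> str:
    """Real HTTP transport. The bearer-token header is an assumption about
    the service's authentication scheme."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def enrich(ips: List[str], fetch: Callable[[str], str]) -> Dict[str, dict]:
    """Look up each IP and summarise the report count and the tags seen."""
    results: Dict[str, dict] = {}
    for ip in ips:
        body = json.loads(fetch(CYMON_IOC_SEARCH.format(ip=ip)))
        tags = sorted({t for hit in body.get("hits", []) for t in hit.get("tags", [])})
        results[ip] = {"reports": int(body.get("total", 0)), "tags": tags}
    return results


def triage(enriched: Dict[str, dict], min_reports: int = 1) -> List[str]:
    """IPs worth a closer look: those with at least min_reports reports."""
    return [ip for ip, r in enriched.items() if r["reports"] >= min_reports]


if __name__ == "__main__":
    summary = enrich(extract_external_ips(SAMPLE_LOGS), offline_fetch)
    for ip in triage(summary):
        print(f"{ip}: {summary[ip]['reports']} report(s), tags={summary[ip]['tags']}")
```

To run it against the live service, pass `lambda url: live_fetch(url, TOKEN)` as the `fetch` argument instead of `offline_fetch`; keeping the transport separate from the triage logic is what lets the same code be unit-tested without network access and dropped into an existing SIEM enrichment pipeline.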

Read More: https://resources.infosecinstitute.com/topic/threat-hunting-with-cymon-api/