Content & Malware Analysis


CAS 4.2 & EDR malware analysis Correlation


    Posted Jun 09, 2020 09:01 AM
    Hi,
    We have integrated CAS S400-A2 appliances with the on-premise Symantec Endpoint Detection & Response (EDR) at one of our clients. When submitting any file to CAS from the EDR for analysis, I can check the status on the EDR Action Logging page, and I am aware that each time I submit a file, a task appears on the CAS Malware Analysis page with a new task ID. That's how I can find out that the CAS has created a task upon my submission, and under owner I can see the EDR user. However, there's no similarity between this task's details and the EDR Action Logging.

    If I check later, let's just say one day later, there's no way to find out which task was created based on my last submission? I have tried collecting the hashes from the task and searching for the hashes in EDR but did not find any result. I presume the hash may be changed once the file reaches CAS.

    I don't know whether I have made myself clear or not. Our client is looking for a relation between the EDR submission and the CAS task in order to crosscheck the result.