Explore ready-to-use scenarios. Get inspired and see what's possible!
The Windows shortcut (LNK) files are frequently used for malicious purposes by threat actors. In this article we are going to cover an example scenario, which takes a couple of characteristics into account to block potentially malicious shortcut files.
Contextal Platform's image processor includes capability to detect NSFW graphical content. We will create a scenario triggering an alert action when such images are detected in the data flow.
A Client-Side Path Traversal (CSPT) attack, also known as "On-Site Request Forgery" is a vulnerability, which can be used for CSRF or XSS attacks.
A Carriage Return Line Feed (CRLF) Injection is a type of web security vulnerability where an attacker manipulates how web applications interpret input containing carriage return (\r) and line feed (\n) characters.
The malicious directory traversal has been exploited for years by threat actors, taking different forms, such as Zip Slip.
Excel 4.0 macros (also known as XLM macros) are frequently used for malicious purposes, and while Microsoft now by default limits their usage, they could still pose a threat in some environments.
False positives are a common challenge in cybersecurity. Often, some detections are too generic and when broadly applied, could have a tendency to block more things than necessary. Users are sometimes forced to disable entire detections to avoid these issues - but with Contextal Platform, you can handle these cases with precision, see how!
Contextal Platform is built with resiliency at its core. It utilizes dedicated data processors, which are independent and isolated services. A failure in a data processor, potentially signalling an attack on the system, is treated as an indicator, on which you can act with ContexQL!
While Contextal Platform collects information from malware scanners, it does not, by default, take any direct actions on infected objects. Instead, it leaves the decision to users on how to handle detected malware. In this article, we will demonstrate an example scenario that can be deployed to block malicious objects.