Description
The objective of this project was to automate the collection and enrichment of malicious binary hashes identified by the EDR. The C# application:
- Retrieved EDR logs from the SIEM for analysis.
- Stored executable signatures and metadata in a SQL Server database.
- Queried a CTI database via API for real-time reputation data.
- Cross-referenced the company’s MISP platform for correlations with historical incidents.
- Periodically updated the database with evolving threat intelligence.
This streamlined the malware analysis process, accelerating incident response and enriching threat intelligence.
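The five steps above form one pipeline: parse the SIEM export, deduplicate hashes, look each one up against the CTI reputation API and MISP, and upsert the result into SQL Server. The following is an added example written for this page, not the project's own code. The log line format, the `dbo.MaliciousHash` table and its columns, and the `IReputationSource`/`IMispClient` interfaces are all assumptions; the demo substitutes in-memory implementations for the CTI and MISP clients so it runs offline, and `Persist` (which needs the `Microsoft.Data.SqlClient` NuGet package) only runs when a connection string is passed on the command line.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Text.RegularExpressions;

// One EDR detection as exported from the SIEM, and the enriched row written to SQL Server.
public record EdrDetection(string Host, string Path, string Sha256, DateTime FirstSeen);
public record EnrichedHash(string Sha256, string Path, string Reputation, int MispCorrelations, DateTime FirstSeen);

// Hypothetical abstractions over the CTI reputation API and the MISP REST API.
public interface IReputationSource { string Lookup(string sha256); }
public interface IMispClient { int CountCorrelations(string sha256); }

public static class HashEnrichment
{
    // Constructed SIEM export format: "<ISO timestamp> host=<name> path=<file> sha256=<64 hex chars>".
    // The hash group only accepts 64 hex characters, so anything else never reaches the lookups or the database.
    static readonly Regex LogLine = new(
        @"^(?<ts>\S+)\s+host=(?<host>\S+)\s+path=(?<path>.+?)\s+sha256=(?<hash>[0-9A-Fa-f]{64})\s*$");

    // Parse the export, silently dropping malformed lines and normalising hashes to lower case.
    public static List<EdrDetection> Parse(IEnumerable<string> lines)
    {
        var result = new List<EdrDetection>();
        foreach (var line in lines)
        {
            var m = LogLine.Match(line);
            if (!m.Success) continue;
            if (!DateTime.TryParse(m.Groups["ts"].Value, CultureInfo.InvariantCulture,
                    DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal, out var ts)) continue;
            result.Add(new EdrDetection(m.Groups["host"].Value, m.Groups["path"].Value,
                                        m.Groups["hash"].Value.ToLowerInvariant(), ts));
        }
        return result;
    }

    // Enrich each distinct hash once (one CTI call and one MISP call per hash, not per detection).
    public static List<EnrichedHash> Enrich(IEnumerable<EdrDetection> detections, IReputationSource cti, IMispClient misp)
    {
        return detections
            .GroupBy(d => d.Sha256)
            .Select(g =>
            {
                var first = g.OrderBy(d => d.FirstSeen).First();
                return new EnrichedHash(g.Key, first.Path, cti.Lookup(g.Key), misp.CountCorrelations(g.Key), first.FirstSeen);
            })
            .ToList();
    }

    // Parameterised upsert for SQL Server (table and column names are assumptions).
    // Every value is bound as a parameter, never concatenated, so a hostile file path in a log cannot change the statement.
    public const string UpsertSql = @"
MERGE dbo.MaliciousHash AS t
USING (SELECT @Sha256 AS Sha256) AS s ON t.Sha256 = s.Sha256
WHEN MATCHED THEN UPDATE SET Reputation = @Reputation, MispCorrelations = @MispCorrelations, LastUpdated = SYSUTCDATETIME()
WHEN NOT MATCHED THEN INSERT (Sha256, Path, Reputation, MispCorrelations, FirstSeen, LastUpdated)
    VALUES (@Sha256, @Path, @Reputation, @MispCorrelations, @FirstSeen, SYSUTCDATETIME());";

    // Requires the Microsoft.Data.SqlClient package; called only when a connection string is supplied.
    public static void Persist(IEnumerable<EnrichedHash> rows, string connectionString)
    {
        using var conn = new Microsoft.Data.SqlClient.SqlConnection(connectionString);
        conn.Open();
        foreach (var r in rows)
        {
            using var cmd = new Microsoft.Data.SqlClient.SqlCommand(UpsertSql, conn);
            cmd.Parameters.AddWithValue("@Sha256", r.Sha256);
            cmd.Parameters.AddWithValue("@Path", r.Path);
            cmd.Parameters.AddWithValue("@Reputation", r.Reputation);
            cmd.Parameters.AddWithValue("@MispCorrelations", r.MispCorrelations);
            cmd.Parameters.AddWithValue("@FirstSeen", r.FirstSeen);
            cmd.ExecuteNonQuery();
        }
    }
}

// In-memory stand-ins for the CTI API and MISP so the pipeline can be exercised offline.
public sealed class StaticReputation : IReputationSource
{
    readonly Dictionary<string, string> _verdicts;
    public StaticReputation(Dictionary<string, string> verdicts) => _verdicts = verdicts;
    public string Lookup(string sha256) => _verdicts.TryGetValue(sha256, out var v) ? v : "unknown";
}

public sealed class StaticMisp : IMispClient
{
    readonly HashSet<string> _known;
    public StaticMisp(IEnumerable<string> known) => _known = new HashSet<string>(known);
    public int CountCorrelations(string sha256) => _known.Contains(sha256) ? 1 : 0;
}

public static class Demo
{
    public static void Main(string[] args)
    {
        // Constructed export: the same hash seen on two hosts, a second hash, and one malformed line.
        var hashA = new string('a', 64);
        var hashB = new string('b', 64);
        var export = new[]
        {
            $"2024-03-01T08:15:00Z host=WS01 path=C:\\Users\\Public\\update.exe sha256={hashA}",
            $"2024-03-01T09:40:00Z host=WS07 path=C:\\Temp\\update.exe sha256={hashA}",
            $"2024-03-02T11:05:00Z host=SRV02 path=/tmp/loader sha256={hashB}",
            "garbage line without a hash",
        };
        var detections = HashEnrichment.Parse(export);                 // 3 detections, malformed line dropped
        var cti = new StaticReputation(new() { [hashA] = "malicious" });
        var misp = new StaticMisp(new[] { hashB });                    // only hashB has a prior MISP event
        var enriched = HashEnrichment.Enrich(detections, cti, misp);   // 2 rows, one per distinct hash
        foreach (var e in enriched)
            Console.WriteLine($"{e.Sha256[..12]}... rep={e.Reputation} misp={e.MispCorrelations} first={e.FirstSeen:u} path={e.Path}");
        if (args.Length > 0) HashEnrichment.Persist(enriched, args[0]);
    }
}
```

The deduplication in `Enrich` is what keeps the periodic refresh cheap: the scheduled run re-reads the table's distinct hashes and replays the same lookups, and the `MERGE` updates the reputation and correlation columns in place rather than inserting duplicates.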
Technology used
- C#
- SIEM
- MISP
- SQL Server