Host With Old Infection Or Potential Re-Infection

Description

Alerts when a host that already has a recorded (old) infection is discovered with a new anti-virus detection, which likely indicates a re-infection rather than a one-off event.
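
The logic this content describes, as an added example that is not the original Splunk search: group anti-virus detections per host, and raise an alert when a host with an earlier detection produces a new one after a quiet period. The gap requirement is what separates "potential re-infection" from "uncleaned malware" (a scanner re-detecting the same file every day has no quiet period). The sample events, hostnames, signature names and the 30-day gap and 365-day lookback thresholds are constructed assumptions for this example.

```python
"""Added example: flag hosts whose anti-virus history shows an old infection
followed by a fresh detection after a quiet period (potential re-infection).
Illustrative Python, not the Splunk search behind this content."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample anti-virus events (host, ISO timestamp, signature, action).
# Not real data: hostnames and signature names are invented for the example.
SAMPLE_EVENTS = [
    ("ws-0412", "2023-01-03T09:14:00", "Trojan.Emotet",  "quarantined"),
    ("ws-0412", "2023-03-21T17:02:00", "Trojan.Emotet",  "quarantined"),  # same host, 77 days later
    ("ws-0098", "2023-03-10T08:00:00", "Adware.Generic", "cleaned"),
    ("ws-0098", "2023-03-11T08:00:00", "Adware.Generic", "cleaned"),      # daily re-detect: uncleaned, not re-infected
    ("ws-0098", "2023-03-12T08:00:00", "Adware.Generic", "cleaned"),
    ("srv-db01", "2023-02-14T12:30:00", "Backdoor.Agent", "quarantined"), # single detection, nothing to compare
    ("ws-0777", "2022-11-02T10:00:00", "Trojan.Qakbot",  "quarantined"),
    ("ws-0777", "2023-03-22T11:45:00", "Ransom.LockBit", "quarantined"),  # different family, 140 days later
]


def group_by_host(events):
    """Parse timestamps and return {host: [(time, signature, action), ...]} sorted by time."""
    by_host = defaultdict(list)
    for host, ts, signature, action in events:
        by_host[host].append((datetime.fromisoformat(ts), signature, action))
    for history in by_host.values():
        history.sort(key=lambda e: e[0])
    return by_host


def find_reinfections(events, min_gap_days=30, lookback_days=365, now=None):
    """Return one alert per (host, new detection) where the new detection follows
    the host's previous detection by at least min_gap_days and falls inside the
    lookback window ending at `now` (a datetime, an ISO string, or None for the
    latest event time). Thresholds are assumptions chosen for this example."""
    by_host = group_by_host(events)
    if isinstance(now, str):
        now = datetime.fromisoformat(now)
    if now is None:
        now = max(e[0] for hist in by_host.values() for e in hist)
    window_start = now - timedelta(days=lookback_days)
    alerts = []
    for host, history in by_host.items():
        # Compare each detection with the one immediately before it on the same host.
        for prev, cur in zip(history, history[1:]):
            gap = cur[0] - prev[0]
            if gap < timedelta(days=min_gap_days) or cur[0] < window_start:
                continue
            alerts.append({
                "host": host,
                "first_seen": history[0][0].isoformat(),
                "previous_detection": prev[0].isoformat(),
                "new_detection": cur[0].isoformat(),
                "days_since_previous": gap.days,
                "previous_signature": prev[1],
                "new_signature": cur[1],
            })
    return alerts


def flagged_hosts(events, **kwargs):
    """The set of hosts with at least one re-infection alert."""
    return {a["host"] for a in find_reinfections(events, **kwargs)}


if __name__ == "__main__":
    for alert in find_reinfections(SAMPLE_EVENTS, now="2023-03-31T00:00:00"):
        print(alert)
```

Run against the sample, ws-0412 and ws-0777 are flagged, ws-0098 is not (its detections are one day apart, so it belongs to the uncleaned-malware case), and srv-db01 is not (only one detection). Lowering min_gap_days to 1 would pull ws-0098 in, which is the main tuning knob when adapting this to a real anti-virus feed.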

Use Case

Security Monitoring, Compliance

Category

Endpoint Compromise, GDPR

SPL Difficulty

Advanced

Journey

Stage 2

MITRE ATT&CK Tactics

Execution

MITRE ATT&CK Techniques

User Execution

Data Sources

Anti-Virus or Anti-Malware

GDPR Relevance

Impact:

As with Detection of Uncleaned Malware on Endpoint, uncleaned malware puts digital systems at risk. For any environment or system involved in processing personal data this situation can be critical, and especially so in a GDPR context. Article 32 of the GDPR requires organizations to regularly test, assess and evaluate the effectiveness of the technical and organizational security measures they have implemented. If a Supervisory Authority exercises its powers to bring an organization within the scope of a privacy audit, the organization must demonstrate compliance (Article 58). If the organization suffers a personal data breach and individuals are affected, those individuals have the right to claim compensation for material and non-material damage caused by the breach, and the organization must be able to prove that it understood and addressed the risk appropriately and deployed proper countermeasures (Article 82).

Resolution Path:

Removing malware that antivirus and other legacy endpoint protection software cannot remove on its own (whether because of file permissions or other configuration that prevents easy quarantine or cleaning) can in many cases be considered an appropriate measure, and helps to demonstrate compliance. A host that shows up again with a new detection after an earlier infection should also prompt a check of why the earlier cleanup did not hold.