// 01Executive summary
This report describes the Dragos ICS/OT Threat Detection app for CrowdStrike, which is designed to improve visibility into, and detection of, adversaries that target industrial control systems. It addresses the limited detection coverage typical of industrial networks by allowing more than 25,000 industrial IOCs to be imported into the Falcon platform. The aim is early warning of ICS threat activity that originates in IT networks, together with better detection of the specialized TTPs used by ICS adversaries. Because the report covers a product integration rather than a specific incident, it provides no IOCs of its own; instead it outlines a strategic enhancement that operational security teams can use to broaden their existing detection capabilities against industrial threats.
// 02Key metrics
// ttps
2
ATT&CK techniques
// iocs
0
indicators
// actors
0
threat groups
// kwords
10
keywords
// 03MITRE ATT&CK
// 04Threat actors
// no actors matched
// 05Indicators of compromise
// ips 0
none
// domains 0
none
// urls 0
none
// sha256 0
none
// md5 0
none
// emails 0
none
// cves 0
none
// 07YARA rule
// No IOCs available for YARA rule generation
// 08Keywords
{'keyword': 'crowdstrike', 'score': 5.0415}
{'keyword': 'dragos', 'score': 4.5851}
{'keyword': 'ics', 'score': 2.9923}
{'keyword': 'falcon', 'score': 2.98}
{'keyword': 'threat', 'score': 2.5752}
{'keyword': 'industrial', 'score': 2.4807}
{'keyword': 'platform', 'score': 2.3199}
{'keyword': 'ot', 'score': 2.1212}
{'keyword': 'falcon platform', 'score': 2.0639}
{'keyword': 'cloud', 'score': 1.56}