Alarm Naming Proposal for HMPA

I recently discovered that HMPA blocking certain malicious behaviors can already trigger a Cleanup, and I have a suggestion to change the HMPA blocking prompts to be more aptly named based on the MITRE ATT&CK architecture, as in the behavioral defense module developed by sophos itself.

Here are some hypothetical names for HMPA blocking, to better fit the MITRE ATT&CK framework and the self-developed Behavioral Defense nomenclature:

Exec_SysCallX64 (T1106)
Impact_CryptoGuard (T1106)
Exec_HollowProcess (T1055)

This is just a friendly offer. Thank you.

Added tags
[edited by: GlennSen at 3:20 PM (GMT -7) on 3 Sep 2024]

0 GlennSen 2 months ago

Hello Ong,

Thank you for reaching out to the community forum.

We appreciate the input you've shared to improve our product. I suggest you raise this idea as a feature request with your account manager so they can share this suggestion with our internal team.
Setting your expectations: Not all suggestions under feature requests can be implemented, as our team needs to scale the request's value according to its impact as a whole.

Once again, Thank you for sharing this idea, and don't hesitate to share it with us when you have one in the future. Have a good day ahead,

Glenn ArchieSeñas (GlennSen)

Global Community Support Engineer

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel