Chapter 1. Learn about the Red Hat Lightspeed malware detection service
The Red Hat Lightspeed malware detection service is a monitoring and assessment tool that scans Red Hat Enterprise Linux systems for the presence of malware. The malware detection service incorporates YARA pattern-matching software and malware detection signatures. Signatures are provided in partnership with IBM X-Force threat intelligence and CrowdStrike (requires a CrowdStrike Falcon Adversary Intelligence Premium license), working closely with the Red Hat threat intelligence team.
Depending on your user access permissions as an administrator or viewer in the Red Hat Hybrid Cloud Console, you can perform the following actions within the malware detection service:
- Review the list of IBM and CrowdStrike signatures that the service uses to scan your Red Hat Enterprise Linux systems.
- Review the overall results for all RHEL systems with malware detection enabled in the insights-client.
- Review the scan results for individual RHEL systems.
- Identify RHEL systems showing evidence of the presence of malware.
The malware detection service gives you valuable information to prepare a response against threats to RHEL systems within your organization.
The malware detection service does not provide recommendations to resolve or remediate malware incidents.
1.1. Malware signature sources
YARA signature detection is the cornerstone of the Red Hat Lightspeed malware detection service. A YARA signature describes a malware type as a pattern: a set of strings and a boolean expression that form a rule. When a scan on a Red Hat Enterprise Linux system matches that rule, YARA records a hit on that system.
The malware detection service includes predefined signatures from the IBM X-Force Threat Intelligence team and evaluates your systems against hundreds of those default rules to help detect malware on Red Hat Enterprise Linux systems. The service also supports the manual addition of thousands of CrowdStrike signatures. Knowing whether a rule comes from IBM X-Force or from CrowdStrike helps you interpret default coverage and any optional rules you add.
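The following Python script is an added illustration, not code from the Red Hat documentation or from the Lightspeed service, of the rule model described above: a YARA signature is a set of named strings (text or hex) plus a boolean condition, and a rule records a hit only when the condition over the found strings is true. The rule, its `meta` source label (mirroring the IBM X-Force versus CrowdStrike provenance discussed in the previous paragraph), and the sample buffers are all constructed for this example; the matcher is a simplified re-implementation of YARA's semantics for teaching, not YARA itself, which is what the service actually runs.

```python
"""Illustrative YARA-style matching (constructed example, not a shipped signature).

A rule is a set of named strings plus a boolean condition over which of them
were found in the scanned data. This mirrors YARA's semantics in miniature;
the real service runs YARA with vendor-supplied rules.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass
class YaraStyleRule:
    name: str
    meta: Dict[str, str]                                   # e.g. which feed supplied the rule
    strings: Dict[str, bytes]                              # identifier -> byte pattern
    condition: Callable[[Dict[str, List[int]]], bool]      # evaluated over found strings


# The same rule written in YARA syntax, for reference only (constructed).
RULE_TEXT = r'''
rule Example_Dropper_Marker
{
    meta:
        source      = "example (constructed)"
        description = "Illustrative rule: two text markers or one hex stub"
    strings:
        $marker1 = "EXAMPLE_DROPPER_STAGE1"
        $marker2 = "EXAMPLE_C2_CONFIG"
        $stub    = { 55 48 89 E5 DE AD BE EF }
    condition:
        ($marker1 and $marker2) or $stub
}
'''


def find_all(haystack: bytes, needle: bytes) -> List[int]:
    """Return every offset at which needle occurs (overlaps included)."""
    offsets, start = [], 0
    while True:
        idx = haystack.find(needle, start)
        if idx == -1:
            return offsets
        offsets.append(idx)
        start = idx + 1


def scan(rule: YaraStyleRule, data: bytes) -> dict:
    """Evaluate one rule against one buffer and return a YARA-like result."""
    hits = {ident: find_all(data, pat) for ident, pat in rule.strings.items()}
    found = {ident: offs for ident, offs in hits.items() if offs}
    return {
        "rule": rule.name,
        "source": rule.meta.get("source"),
        "matched": rule.condition(found),   # a hit only if the whole condition holds
        "strings": found,                   # which strings matched, and where
    }


EXAMPLE_RULE = YaraStyleRule(
    name="Example_Dropper_Marker",
    meta={"source": "example (constructed)"},
    strings={
        "$marker1": b"EXAMPLE_DROPPER_STAGE1",
        "$marker2": b"EXAMPLE_C2_CONFIG",
        "$stub": bytes.fromhex("554889E5DEADBEEF"),   # hex string, matched as raw bytes
    },
    # Mirrors the YARA condition: ($marker1 and $marker2) or $stub
    condition=lambda found: ("$marker1" in found and "$marker2" in found)
    or "$stub" in found,
)

# Constructed buffers standing in for files a scan would read.
SAMPLES = {
    "benign.txt": b"hello world, nothing to see here",
    "one_marker.bin": b"xx EXAMPLE_DROPPER_STAGE1 xx",      # one string alone: condition false
    "both_markers.bin": b"EXAMPLE_C2_CONFIG .. EXAMPLE_DROPPER_STAGE1",
    "hex_stub.bin": b"\x00\x00" + bytes.fromhex("554889E5DEADBEEF") + b"\x00",
}


def scan_all(rule: YaraStyleRule = EXAMPLE_RULE, samples=SAMPLES) -> Dict[str, dict]:
    """Scan every sample with the rule, keyed by sample name."""
    return {name: scan(rule, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, result in scan_all().items():
        verdict = "HIT" if result["matched"] else "clean"
        print(f"{name:18} {verdict:5} source={result['source']} strings={result['strings']}")
```

The `one_marker.bin` case is the point worth noticing: a single string occurrence is not a detection, because the rule's condition, not any individual string, decides the hit. The `source` field in the result is what lets an analyst tell a default IBM X-Force rule from an optional CrowdStrike rule when reading scan output.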