Palo Alto Networks, Inc.
CONTEXT FOR MALWARE FORENSICS AND DETECTION

Abstract:

A malware profile is received. The malware profile comprises a set of one or more activities associated with executing a copy of a known malicious application that is associated with the malware profile. A set of one or more log entries is analyzed for a set of entries that matches the malware profile. Based at least in part on identifying the set of entries matching the malware profile, a determination is made that a host was compromised.