Valkyrie Kill Chain Notifier-- Very Scary

I received a Valkyrie Kill Chain Notifier in my email with a link to a report.

The report identified an endpoint that executed (tried to execute?) an unknown file, exploit1.exe. In reading the report it talks about all the files and registry keys that the file accesses and changes-- very scary stuff.

However, the report isn’t at all clear about what happened on the endpoint. The endpoint is currently listed as Secure in the device list. Does this mean the file was contained or quarantined? If so, does Valkyrie run the file on a test system to get all this info? I want to be sure that the endpoint didn’t get horribly infected.

Hi @fgreen,

I will direct our support team to investigate your report and files. We will give you a detailed answer about what happened to your files on the endpoint.

Regards,
Product Management Team.