How to use Legit in an incident

During an incident, you often have a list of IP addresses and need to determine whether any of them are points of interest. With Legit, you can match these IP addresses against its records and see whether similar types of attacks came from the same IP address during the same time period. Conversely, if an address is not in the list, that helps you decide the other way.

This is another nugget of information for the SOC analyst's arsenal. The key for Legit is the ability to look back a long time instead of seeing only the current status. Most APTs can be found over 267 or more, depending on the document you read, so having up to six years of history could really help you out.
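One way to do the matching described above, as an added example that is not Legit's own code. The history rows, their column layout, the function names `norm` and `triage`, and the seven-day window are all assumptions; the example also goes slightly beyond the text by normalizing IPv6 and IPv4-mapped addresses and flagging malformed entries.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample history rows: (ip, seen_at ISO-8601, attack category).
# The column layout is an assumption, not Legit's actual export format.
HISTORY = [
    ("203.0.113.7", "2023-03-01T10:15:00", "ssh-bruteforce"),
    ("203.0.113.7", "2019-06-12T02:00:00", "port-scan"),
    ("198.51.100.22", "2018-11-30T23:40:00", "web-exploit"),
    ("2001:db8::5", "2023-03-02T08:00:00", "ssh-bruteforce"),
]

def norm(ip):
    """Canonical form so '2001:DB8:0::5' and '::ffff:203.0.113.7' match history."""
    addr = ipaddress.ip_address(ip.strip())
    mapped = getattr(addr, "ipv4_mapped", None)  # only set on mapped IPv6
    return str(mapped if mapped is not None else addr)

def triage(incident_ips, incident_time, window_days=7, history=HISTORY):
    """Classify each incident IP by its history around the incident time."""
    lo = incident_time - timedelta(days=window_days)
    hi = incident_time + timedelta(days=window_days)
    index = {}
    for ip, seen, category in history:
        index.setdefault(norm(ip), []).append((datetime.fromisoformat(seen), category))
    result = {}
    for raw in incident_ips:
        try:
            key = norm(raw)
        except ValueError:
            result[raw] = ("invalid", [])  # typo or log debris, fix before deciding
            continue
        hits = index.get(key, [])
        near = sorted(c for t, c in hits if lo <= t <= hi)
        if near:
            result[raw] = ("same-period", near)    # similar activity around the incident
        elif hits:
            result[raw] = ("older-history", sorted(c for _, c in hits))
        else:
            result[raw] = ("not-listed", [])       # no record: helps decide the other way
    return result

if __name__ == "__main__":
    ips = ["203.0.113.7", "::ffff:198.51.100.22", "2001:DB8:0::5", "192.0.2.9", "not-an-ip"]
    for ip, verdict in triage(ips, datetime(2023, 3, 3, 12, 0)).items():
        print(ip, verdict)
```

The "older-history" verdict is where a multi-year record matters: the address was seen attacking, just not near this incident.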

...