Malware Analysis | September 10, 2025

Investigate and Respond to Sobolan Malware with Aqua Security

By Assaf Morag

When malware attacks like Sobolan are detected, Aqua helps security teams thoroughly analyze and mitigate these threats. Whether it is threat hunting in cloud environments or following an alert, the Aqua Hub provides logs and captured artifacts so you can see how Sobolan gained access, what processes it ran, and how it attempted to persist.

In addition to investigation, Aqua Runtime Protection monitors workloads in real time and enforces policies that block Sobolan techniques such as cryptominer execution, fileless scripts, and backdoor creation.

Response Steps

  1. Create a Response Policy: Log in to the Aqua console and go to Aqua Hub > Response Policies
  2. Define Basic Data: Name the policy and provide a description
  3. Select Application Scope: Choose the application scopes to monitor
  4. Select a Trigger: Configure alerts for Issues, Scan Results, or Incidents
  5. Select Action: Configure notification channels like Slack or email