CyberSIEM's BLOG
Grid Field – DB Entry Mirroring
Grid Field – DB Entry Mirroring This post is the 2nd part, of a two-part use case on Grid Field in SOAR, written by our
How to use a Grid Field
How to use a grid field In this post, our SOAR expert, Mr.Ben Aviv, will demonstrate how to use a grid field in XSOAR (Demisto).
Remote Code Execution Vulnerability CVE-2021-40444
About CVE-2021-40444 Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that
“It’s good to be the king” – is that so?
“It’s good to be the king” – is that so? In every kingdom, you will find only one king. But as always, there are some
Advanced Linux threats Monitoring
In this article, we will discuss UnixLinux’s standard Monitoring capabilities and will present CyberSIEM’s unique developments that expand and upgrade Linux Monitoring Capabilities. These capabilities
CVE-2021-34527 (CVE-2021-1675) PrintNightmare – Detection by SIEM Guide
Overview The Microsoft Windows Print Spooler service fails to restrict access to the RpcAddPrinterDriverEx() function, which can allow a remote authenticated attacker to execute arbitrary
CVE-2020-16898 – Bad Neighbor – Monitoring By SIEM
CVE-2020-16898 – Bad Neighbor SIEM Content Packages A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An
CVE-2019-0708 – BlueKeep – Monitoring By SIEM
CVE-2019-0708 BlueKeep – SIEM Content Packages Bluekeep is a critical vulnerability that allows an attacker to send malicious packets to a vulnerable target over RDP
CVE-2020-1350 – SigRed – Monitoring By SIEM
SIEM Content Packages For CVE-2020-1350 – SigRed By CyberSIEM “SIGRed (CVE-2020-1350) is a wormable, critical vulnerability (CVSS base score of 10.0) in the Windows DNS
CVE-2020-1472 – ZeroLogon – Monitoring by SIEM
SIEM Content Packages For CVE-2020-1472 – ZeroLogon By CyberSIEM As you know, one of the most critical vulnerabilities has recently been published – ZeroLogon An
How to prevent your SIEM from being blind
How to prevent your SIEM from being blind Getting log files from multiple systems requires additional actions such as correct permissions, appropriate network settings, proper
CSV to ActiveList
When you want to add external information to Active Lists in ArcSight as a solution, you have to build a custom flex connector, parse the data, and create a pre-persistent rule that will add the information to the Active List.
Active List With Dynamic TTL
The CyberSIEM team has developed a tool that makes taking care of these exclusions as simple as creating an Active List.
ArcSight Rule Action – Telegram Message
Any conversation with the bot has a unique Chat ID, the bot will need this ID to know where to send the message. Of course, you can use the same bot for a few conversations, and send different alerts to each group.
Nested Groups in Active Directory
We should pay attention to each and every nested group that is a member of our sensitive groups, to ensure that we will know about every user that inherits these kinds of permissions.
Delete Multiple Cases – ArcSight Tool
We, CyberSIEM, developed a tool that will delete the cases with the ArcSight API the right way, without hurting the job.
Mail impersonation – Mail phishing recognize
Mail impersonation is one of the most popular and successful attacks today. This kind of attack can be split into two main types: Phishing and Mail impersonation.
Rules based on aggregate SUM
How to create a data monitor which will collect the information from the last X time, and sum the quantity and create a rule that use the audit events of the Data Monitor to check if the value is more than a specific threshold.
Contain from Active List
Have you ever wanted to create a rule that has the ‘Contain From Active List’ condition in ArcSight?