OUR BLOG
How to prevent your SIEM from being blind
How to prevent your SIEM from being blind Getting logs from multiple systems also requires correct permissions, network settings, proper resources, and perfect KeepAlive alerts.
CSV to ActiveList
When you want to add external information to Active Lists in ArcSight as a solution, you have to build a custom flex connector, parse the data, and create a pre-persistent rule that will add the information to the Active List.
Active List With Dynamic TTL
The CyberSIEM team has developed a tool that makes taking care of these exclusions as simple as creating an Active List.
ArcSight Rule Action – Telegram Message
Any conversation with the bot has a unique Chat ID, the bot will need this ID to know where to send the message. Of course, you can use the same bot for a few conversations, and send different alerts to each group.
Nested Groups in Active Directory
We should pay attention to each and every nested group that is a member of our sensitive groups, to ensure that we will know about every user that inherits these kinds of permissions.
Delete Multiple Cases – ArcSight Tool
We, CyberSIEM, developed a tool that will delete the cases with the ArcSight API the right way, without hurting the job.
Mail impersonation – Mail phishing recognize
Mail impersonation is one of the most popular and successful attacks today. This kind of attack can be split into two main types: Phishing and Mail impersonation.
Rules based on aggregate SUM
How to create a data monitor which will collect the information from the last X time, and sum the quantity and create a rule that use the audit events of the Data Monitor to check if the value is more than a specific threshold.
Contain from Active List
Have you ever wanted to create a rule that has the ‘Contain From Active List’ condition in ArcSight?