OUR BLOG
CSV to ActiveList
When you want to add external information to Active Lists in ArcSight as a solution, you have to build a custom flex connector, parse the data, and create a pre-persistent rule that will add the information to the Active List.
Active List With Dynamic TTL
The CyberSIEM team has developed a tool that makes taking care of these exclusions as simple as creating an Active List.
ArcSight Rule Action – Telegram Message
Any conversation with the bot has a unique Chat ID, the bot will need this ID to know where to send the message. Of course, you can use the same bot for a few conversations, and send different alerts to each group.
Nested Groups in Active Directory
We should pay attention to each and every nested group that is a member of our sensitive groups, to ensure that we will know about every user that inherits these kinds of permissions.
Delete Multiple Cases – ArcSight Tool
We, CyberSIEM, developed a tool that will delete the cases with the ArcSight API the right way, without hurting the job.
Mail impersonation – Mail phishing recognize
Mail impersonation is one of the most popular and successful attacks today. This kind of attack can be split into two main types: Phishing and Mail impersonation.
Rules based on aggregate SUM
How to create a data monitor which will collect the information from the last X time, and sum the quantity and create a rule that use the audit events of the Data Monitor to check if the value is more than a specific threshold.
Contain from Active List
Have you ever wanted to create a rule that has the ‘Contain From Active List’ condition in ArcSight?