CVE-2020-1350 – SigRed – Monitoring By SIEM

SIEM Content Packages For CVE-2020-1350 – SigRed By CyberSIEM

“SIGRed (CVE-2020-1350) is a wormable, critical vulnerability (CVSS base score of 10.0) in the Windows DNS server that affects Windows Server versions 2003 to 2019, and can be triggered by a malicious DNS response. As the service is running in elevated privileges (SYSTEM), if exploited successfully, […]

CVE-2020-1472 – ZeroLogon – Monitoring by SIEM

SIEM Content Packages For CVE-2020-1472 – ZeroLogon By CyberSIEM

As you know, one of the most critical vulnerabilities has recently been published: ZeroLogon. An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka ‘Netlogon Elevation of Privilege […]

CSV to ActiveList

When you want to add external information to Active Lists in ArcSight, the solution is to build a custom flex connector, parse the data, and create a pre-persistence rule that adds the information to the Active List.

Active List With Dynamic TTL

The CyberSIEM team has developed a tool that makes taking care of these exclusions as simple as creating an Active List.

ArcSight Rule Action – Telegram Message

Any conversation with the bot has a unique Chat ID, and the bot needs this ID to know where to send the message. You can use the same bot for a few conversations and send different alerts to each group.