CVE-2020-16898 – Bad Neighbor – Monitoring By SIEM

CVE-2020-16898 – Bad Neighbor SIEM Content Packages: A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client. An attacker would have to send specially crafted ICMPv6 Router Advertisement […]

How to prevent your SIEM from being blind

Learn how to prevent your SIEM from being blind. An article by Mr. Eli Bentiah, CyberSIEM's CEO.

Getting log files from multiple systems requires additional actions such as correct permissions, appropriate network settings, proper resource allocation, and KeepAlive alerts. But what happens if something goes wrong? Apparently, the log files will not arrive. We will focus on a problem that can cause peripheral blindness […]

Rules based on aggregate SUM

How to create a data monitor that collects information from the last X amount of time and sums the quantity, and how to create a rule that uses the audit events of the Data Monitor to check whether the value is more than a specific threshold.

Contain from Active List

Have you ever wanted to create a rule that has the ‘Contain From Active List’ condition in ArcSight?