CVE-2020-16898 – Bad Neighbor – Monitoring By SIEM

CVE-2020-16898 – Bad Neighbor SIEM Content Packages A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client. An attacker would have to send specially crafted ICMPv6 Router Advertisement […]

CVE-2019-0708 – BlueKeep – Monitoring By SIEM

CVE-2019-0708 BlueKeep – SIEM Content Packages Bluekeep is a critical vulnerability that allows an attacker to send malicious packets to a vulnerable target over RDP and remotely execute commands with elevated privileges. The vulnerability occurs during pre-authorization and does not require any user interaction, which makes it really critical. This vulnerability will affect these OS […]

CVE-2020-1350 – SigRed – Monitoring By SIEM

SIEM Content Packages For CVE-2020-1350 – SigRed By CyberSIEM “SIGRed (CVE-2020-1350) is a wormable, critical vulnerability (CVSS base score of 10.0) in the Windows DNS server that affects Windows Server versions 2003 to 2019, and can be triggered by a malicious DNS response. As the service is running in elevated privileges (SYSTEM), if exploited successfully, […]

CVE-2020-1472 – ZeroLogon – Monitoring by SIEM

SIEM Content Packages For CVE-2020-1472 – ZeroLogon By CyberSIEM As you know, one of the most critical vulnerabilities has recently been published – ZeroLogon An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka ‘Netlogon Elevation of Privilege […]

How to prevent your SIEM from being blind

How to prevent your SIEM from being blind Getting logs from multiple systems also requires correct permissions, network settings, proper resources, and perfect KeepAlive alerts. But what happens if something goes wrong? Apparently, the logs will not arrive. We will focus on a problem that can cause peripheral blindness with minimal effort: Disable SIEM service […]

Active List With Dynamic TTL

Active List With Dynamic TTL

The CyberSIEM team has developed a tool that makes taking care of these exclusions as simple as creating an Active List.