Today, in the fifth post of this six-part series, we’re going to cover the fourth and final domain of our reference model for IT infrastructure security. Not only is this the last domain in the model, it is one of the most exciting. As IT professionals, we are all being asked to do more with less. This is why we need…
Hello, what would be the best way to go about switching off communication with a malicious/compromised/blocked IP that is fed from the Threat Intelligence Feed or manually inserted into a UDG from the Emerging Threats rulesets at Index of /blockrules? I tried to correlate the WebTrafficAudit event (OR) Network Audit event group with…
I recently enabled the Threat Intelligence feed on our LEM: https://support.solarwinds.com/Success_Center/Log_Event_Manager_(LEM)/Using_the_Threat_Intelligence_Feed I've been monitoring the "Threat Events" filter on the LEM (v6.3) and am trying to figure out the what/why/how of what I'm seeing. It's supposedly logging IP…
How does threat intelligence with LEM work for Syslog traffic received from a Firewall/UTM? Does it check IP reputation against an external threat database, or does it download and store the threat database locally on the SIEM? If it checks against an external database, does it check each source/destination IP every time? If it has checked the…
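Neither of the two questions above (blocking traffic to IPs from the feed or from an Emerging Threats block list, and how firewall syslog source/destination IPs get checked against a threat list) says how LEM does the matching internally, and this example does not claim to: it is an added illustration, not LEM code and not from either poster, of the local matching both posts describe. It loads a constructed Emerging Threats style block list (one IP or CIDR per line, comments ignored), checks the SRC and DST fields of constructed netfilter-style firewall syslog lines against it, and then lists the networks that still appear in ACCEPT lines, i.e. the ones that would actually need a new block rule. The feed contents, the log format and every function name are assumptions.

```python
import ipaddress
import re

# Constructed sample in the Emerging Threats block-list style: one IP or CIDR
# per line, '#' starts a comment, blank lines ignored. Not a real feed.
SAMPLE_BLOCKLIST = """\
# block list (constructed sample, not a real Emerging Threats feed)
# compromised hosts
198.51.100.23
203.0.113.0/24

# manually inserted
192.0.2.77   # inline comment is tolerated
"""

# Constructed netfilter-style firewall syslog lines (hypothetical format).
SAMPLE_SYSLOG = [
    "Jan  2 10:14:03 fw1 kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.0.15 DST=203.0.113.45 PROTO=TCP DPT=443",
    "Jan  2 10:14:05 fw1 kernel: ACCEPT IN=eth0 OUT=eth1 SRC=198.51.100.23 DST=10.0.0.15 PROTO=TCP DPT=22",
    "Jan  2 10:14:09 fw1 kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.0.20 DST=93.184.216.34 PROTO=TCP DPT=80",
    "Jan  2 10:14:11 fw1 kernel: DROP IN=eth0 OUT= SRC=192.0.2.77 DST=10.0.0.1 PROTO=UDP DPT=53",
]

IP_FIELD = re.compile(r"\b(SRC|DST)=(\d{1,3}(?:\.\d{1,3}){3})\b")
ACTION = re.compile(r"kernel: (ACCEPT|DROP)\b")


def parse_blocklist(text):
    """Turn block-list text into ip_network objects.

    Single addresses become /32 networks so one membership test covers both
    kinds of entry. Malformed lines are skipped instead of aborting the whole
    feed load, which is what you want when a feed update is partially broken.
    """
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue
    return nets


def match_blocklist(nets, ip_str):
    """Return the first listed network containing ip_str, or None."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return None
    for net in nets:
        if ip in net:
            return net
    return None


def scan_syslog(lines, nets):
    """Return (action, field, ip, network) for every SRC/DST that hits the list."""
    hits = []
    for line in lines:
        m = ACTION.search(line)
        action = m.group(1) if m else "UNKNOWN"
        for field, ip_str in IP_FIELD.findall(line):
            net = match_blocklist(nets, ip_str)
            if net is not None:
                hits.append((action, field, ip_str, str(net)))
    return hits


def networks_to_block(hits):
    """Listed networks still seen in ACCEPT lines: traffic the firewall let through."""
    return sorted({net for action, _field, _ip, net in hits if action == "ACCEPT"})


if __name__ == "__main__":
    nets = parse_blocklist(SAMPLE_BLOCKLIST)
    hits = scan_syslog(SAMPLE_SYSLOG, nets)
    for hit in hits:
        print(hit)
    print("needs a block rule:", networks_to_block(hits))
```

Two practical points the posts above touch on: a DROP line whose source is on the list is already being handled by the firewall, so only ACCEPT hits need a new rule (the list of networks, not individual addresses, is what you would push to the firewall or UDG); and the linear scan in match_blocklist is fine for a few thousand entries but a feed of tens of thousands of CIDRs, checked twice per syslog line, wants a prefix tree or a set keyed by prefix length instead.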
Such as STIX/TAXII and some of the other OSINT that is available. I think that Threat Intel sharing is one of our best ways to provide better defense ASAP. It also has a low barrier to entry; most industries are requiring membership, and the ROI is greater than the expenses and easy to determine. Happy New Year! Jeff
Security tools: sometimes it seems that we never have enough to keep up with the task of protecting the enterprise. Or, at least it seems that way when walking the exhibit floor at most technology conferences. There’s a veritable smorgasbord of tools available, and you could easily spend your entire day looking for the…
I am trying to troubleshoot some issues allowing the threat intelligence feed access through our firewall. Is there a way to manually kick off an update? I have tried manually turning it off and then on again under Manage/Appliance/Settings tab, but that didn't seem to do it. Having to wait 24 hours (or more) for it to…
With LEM 6.2 RC going on, and the impending release of 6.2, I've been using and abusing Threat Intelligence Feeds to find out some of the ways that this can fail.
* These rules will only produce results on LEM 6.2 or later
* These rules were written and tested on 6.2RC1 (as of Aug 21 2015)
* There are three rules in the…