The most recent content from our members.
Hi team, We have some logs coming in from Stormshield and I want to create Rules off of the ones that were generated by specific firewall rules. I would like to recover a specific word instead of the entire content. For example: we have a block list of IP addresses that attempt to access over ssh, the firewall rule block…
Hi, I'm familiar with the "Continuous Excessive Logon Failure" rule/template. That's great but, I want a little more. What I want to be able to do is create a rule for when a brute force attack is successful. Let's say an account triggered the "Continuous Excessive Logon Failure" rule, repeatedly. So email alerts are sent…
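The two requests above, pulling one field out of a log line rather than the whole message, and flagging the case where a burst of logon failures is followed by a success for the same account, can be prototyped outside SEM before building the rule. The following is an added example, not code from either post or from SolarWinds; the key=value line format, the field names (`time`, `action`, `user`, `src`), the threshold of five failures and the five-minute window are all assumptions, and the sample events are constructed.

```python
"""Flag a successful logon that follows a burst of failures from the same
account and source. Added example; sample events are constructed, not real
SEM or firewall output, and the field names are assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed key=value lines in the style of firewall/auth logs.
SAMPLE_EVENTS = """\
time=2024-05-01T10:00:01 action=logon_failure user=alice src=203.0.113.5
time=2024-05-01T10:00:04 action=logon_failure user=alice src=203.0.113.5
time=2024-05-01T10:00:07 action=logon_failure user=alice src=203.0.113.5
time=2024-05-01T10:00:09 action=logon_failure user=alice src=203.0.113.5
time=2024-05-01T10:00:12 action=logon_failure user=alice src=203.0.113.5
time=2024-05-01T10:00:20 action=logon_success user=alice src=203.0.113.5
time=2024-05-01T10:01:00 action=logon_failure user=bob src=198.51.100.9
time=2024-05-01T10:01:05 action=logon_success user=bob src=198.51.100.9
time=2024-05-01T11:30:00 action=logon_success user=alice src=203.0.113.5
"""

# key=value or key="quoted value"; only the named fields are kept.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def extract_fields(line):
    """Return a dict of the individual fields, not the whole message."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def find_successful_bruteforce(text, threshold=5, window=timedelta(minutes=5)):
    """Return (user, src, failure_count, success_time) for every success that
    follows at least `threshold` failures from the same user+src inside
    `window`. Any success resets the failure history for that pair."""
    failures = defaultdict(deque)   # (user, src) -> timestamps of recent failures
    hits = []
    for line in text.splitlines():
        f = extract_fields(line)
        if not f:
            continue
        ts = datetime.fromisoformat(f["time"])
        key = (f["user"], f["src"])
        q = failures[key]
        # Drop failures that have aged out of the correlation window.
        while q and ts - q[0] > window:
            q.popleft()
        if f["action"] == "logon_failure":
            q.append(ts)
        elif f["action"] == "logon_success":
            if len(q) >= threshold:
                hits.append((f["user"], f["src"], len(q), f["time"]))
            q.clear()
    return hits


if __name__ == "__main__":
    for user, src, n, when in find_successful_bruteforce(SAMPLE_EVENTS):
        print(f"ALERT: {user} from {src} succeeded at {when} after {n} failures")
```

Keying on both account and source is what separates a real brute-force success from an unrelated user simply mistyping a password a few times; in SEM terms the equivalent is a correlation rule whose second event (the success) must share the same user and source fields as the preceding failure events within the time window.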
Hello - I know that the suspicious DNS rule is often the one that creates the most noise on the network and what I am looking for is to find the best option for writing this rule. Currently this rule will generate a ton of traffic. Whereas this specific rule generates no traffic at all. The first rule is generating its…
Can anyone help me with rules for the below events on SEM:
- Simultaneous Logins
- Malware Detection on systems – with the view to take action at a later point in time (remove system from the network)
- New Application Installation on systems
- Traffic by Destination Port
- SEM Log storage
- Server Status
- Torrent Traffic
Hello, What would be the best way to go about switching off communication with a malicious/compromised/blocked IP that is fed from a Threat Intelligence Feed or manually inserted into a UDG from Emerging Threats rulesets at Index of /blockrules? I tried to correlate WebTrafficAudit event (OR) Network Audit event group with…
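Before wiring a blocklist into a SEM correlation rule, it helps to check the matching logic on its own, in particular that CIDR ranges (which the Emerging Threats block lists contain) are matched as networks rather than as literal strings. The following is an added example, not code from the post or from SolarWinds; the blocklist contents, the event records and the field names (`src`, `dst`, `dstport`) are constructed for illustration.

```python
"""Match connection events against a blocklist of single IPs and CIDR ranges.
Added example; the blocklist and the events are constructed, not a real feed
or real SEM events, and the field names are assumptions."""
import ipaddress

# Constructed blocklist in the style of a blockrules file: one IP or CIDR
# per line, '#' comments allowed.
BLOCKLIST_TEXT = """\
# constructed sample, not a real feed
203.0.113.0/24
198.51.100.77
2001:db8::/32
"""

# Constructed connection events (src, dst, dstport are assumed field names).
SAMPLE_EVENTS = [
    {"src": "10.0.0.5", "dst": "203.0.113.17", "dstport": 443},
    {"src": "10.0.0.6", "dst": "192.0.2.10", "dstport": 80},
    {"src": "198.51.100.77", "dst": "10.0.0.9", "dstport": 22},
    {"src": "10.0.0.7", "dst": "2001:db8:1::5", "dstport": 443},
]


def load_blocklist(text):
    """Parse IPs and CIDRs into network objects; a bare IP becomes a /32 or /128."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def match_blocklist(events, nets):
    """Return (field, address, matching_network) for every src or dst address
    that falls inside a blocklisted network, checking both directions so an
    inbound hit from a listed source and an outbound hit to a listed
    destination are both caught."""
    hits = []
    for ev in events:
        for field in ("src", "dst"):
            addr = ipaddress.ip_address(ev[field])
            for net in nets:
                if addr.version == net.version and addr in net:
                    hits.append((field, ev[field], str(net)))
                    break   # one match per address is enough to act on
    return hits


if __name__ == "__main__":
    nets = load_blocklist(BLOCKLIST_TEXT)
    for field, addr, net in match_blocklist(SAMPLE_EVENTS, nets):
        print(f"BLOCK: {field}={addr} matched {net}")
```

Matching both `src` and `dst` matters because the traffic to cut off can be either an inbound connection from a listed address or an outbound beacon to one, and a rule that only inspects the source field misses the second case. The linear scan over the list is fine for a few thousand entries; a large feed would call for a prefix tree or a sorted range lookup instead.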
Tested and working for: Our e-mail response connector is enabled and working. We have enabled the USB-Defender Policy connector and uploaded a notepad for USB devices that are whitelisted. We also included the USB device IDs in the "Authorized USB Devices" group. Unauthorized USB is now currently detached instantly if…