Setting up LEM to detect Advanced Persistent Threats (APTs)/Trojan-Ransom
Due to recent events, my company wants to expand LEM to notify our team when Advanced Persistent Threats (APTs)/Trojan-Ransom infect our network. Reading the following links gives a good high-level overview:

Handling Cybersecurity Threats
Cybercriminals infiltrate banks! Hundreds of Millions Lost! Lessons for the rest of us
What is an APT?
Cybersecurity – A Practical Approach to Actionable Intelligence

However, I am looking for a more detailed guideline. While I clearly understand that each APT/Trojan could operate differently, I am looking for a more granular guideline or whitepaper on setting up LEM to notify my group that an APT is on the network. After I installed LEM I watched the following great video posted by Nicole Pauls! Her video really helped. Is there one for setting up LEM to detect APTs? Or, are there other guidelines/white papers on setting up this listed feature of LEM?

Thank you,

2 Replies

Check out the rules that came with LEM; some of them (especially the ones in the Security section) are oriented towards detecting APTs, for instance SQL injection.

I would like to hear opinions on this from advanced users as well; they might have something more important to share on this matter.

Thanks for the tip!