Does your MSSP provide you with an Egress Communication report?
Don’t know what it is? Read here to learn: When the organization’s network is not being filtered and monitored using the organization’s firewall, that exposes

Threat around Google’s .zip TLD
If you didn’t read about it yet, here are some important details to know: Recently, a new top-level domain (TLD) called .zip was introduced by Google.

New SIEM Rules – May 2023
Welcome to our monthly rules update! We take great pleasure in presenting the most recent rules we created last month to boost your SIEM’s capabilities.

The SIEM 4th Dimension – Timestamp: Unlocking the Secrets of SIEM Log Timestamps
When dealing with timestamps in SIEM logs, it is crucial to understand the origin and context of each specific timestamp. In SIEM events, multiple timestamps

Demystifying SIEM Log Collection and Parsing: What You Need to Know
Introduction: Security Information and Event Management (SIEM) systems play a crucial role in organizations’ cybersecurity efforts. They collect, analyze, and correlate logs from various sources

Grid Field – DB Entry Mirroring
This post is the second part of a two-part use case on Grid Field in SOAR, written by our SOAR expert Ben Aviv.

Remote Code Execution Vulnerability CVE-2021-40444
About CVE-2021-40444 Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows.

How to use a Grid Field
In this post, our SOAR expert, Mr. Ben Aviv, will demonstrate how to use a grid field in XSOAR (Demisto).

“It’s good to be the king” – is that so?

Advanced Linux threats Monitoring

CVE-2021-34527 (CVE-2021-1675) PrintNightmare – Detection by SIEM Guide

Active List With Dynamic TTL

CVE-2020-16898 – Bad Neighbor – Monitoring By SIEM

CVE-2019-0708 – BlueKeep – Monitoring By SIEM

CVE-2020-1350 – SigRed – Monitoring By SIEM

CVE-2020-1472 – ZeroLogon – Monitoring by SIEM

How to prevent your SIEM from being blind

CSV to ActiveList

ArcSight Rule Action – Telegram Message

Nested Groups in Active Directory
We should pay attention to each and every nested group that is a member of our sensitive groups, to ensure that we will know about every user that inherits these kinds of permissions.

Delete Multiple Cases – ArcSight Tool

Mail impersonation – Mail phishing recognize

Rules based on aggregate SUM

Contain from Active List
Have you ever wanted to create a rule that has the ‘Contain From Active List’ condition in ArcSight?