
38 matches found

RedhatCVE
added 2026/01/09 12:43 p.m., 5 views

CVE-2005-1433

Multiple unknown vulnerabilities in HP OpenView Event Correlation Services (OV ECS) 3.32 and 3.33 allow attackers to cause a denial of service or execute arbitrary code...

CVSS: 4.6 | AI score: 7.7 | EPSS: 0.00137
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2005-1436

Malware in sbrugna...

CVSS: 4.6 | AI score: 6.4 | EPSS: 0.00137
Exploits: 0 | References: 3
Securelist
added 2025/10/06 8:00 a.m., 1 view

Detecting DLL hijacking with machine learning: real-world cases

Introduction: Our colleagues from the AI expertise center recently developed a machine-learning model that detects DLL-hijacking attacks. We then integrated this model into the Kaspersky Unified Monitoring and Analysis Platform SIEM system. In a separate article, our colleagues shared how the mode...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.09718
Exploits: 0
Wiz blog
added 2023/05/10 1:50 p.m., 7 views

How to monitor, detect, and respond to cloud data risks faster with built-in security controls for cloud events

Wiz for DSPM: Additional enhancements to help you correlate suspicious events related to unprotected data in near real-time...

AI score: 6.9
Exploits: 0
Rapid7 Blog
added 2021/06/14 2:10 p.m., 37 views

Automated remediation level 1: Lock down fundamentals

Non-calamitous conclusions: When teams work in silos, they often can have different interpretations of the same data. There’s no way to leverage the real benefits of automated remediation if this is your reality. Ensuring visibility across teams is a critical component in a shared data set where...

AI score: 0.8
Exploits: 0
Kitploit
added 2019/12/13 9:28 p.m., 291 views

Dsiem - Security Event Correlation Engine For ELK Stack

Dsiem is a security event correlation engine for ELK stack, allowing the platform to be used as a dedicated and full-featured SIEM system. Dsiem provides OSSIM-style correlation for normalized logs/events, performs lookup/query to threat intelligence and vulnerability information sources, and...

AI score: 6.8
Exploits: 0 | References: 7
Microsoft Secure
added 2018/10/15 4:00 p.m., 58 views

Making it real—harnessing data gravity to build the next gen SOC

This post was coauthored by Diana Kelley, Cybersecurity Field CTO, and Siân John, EMEA Chief Security Advisor, Cybersecurity Solutions Group. In our first blog, Diana and I talked about the concept of data gravity and how it could, conceptually, help organizations take a more cloud-ready approach to...

AI score: 6.7
Exploits: 0
Trend Micro Simply Security
added 2018/08/23 12:09 p.m., 32 views

Simplifying and Prioritizing Advanced Threat Response Measures

I had to go to the doctor the other day because I was miserable and sick. I don’t like going to the doctor so I waited until my stuffy nose and congestion turned into a full-blown sinus infection. The doctor said this thing was going around, and I should be better in a few days with my prescriptio...

Exploits: 0
Information Security Automation
added 2018/07/29 8:07 p.m., 105 views

Sending FireEye HX data to Splunk

FireEye HX is an agent-based Endpoint Protection solution. Something like an antivirus, but focused on Advanced Persistent Threats (APT). It has an appliance with GUI where you can manage the agents and see information about detected security incidents. As with any agent-based solution, it's...

AI score: 7.1
Exploits: 0
rapid7community
added 2017/04/21 1:10 p.m., 27 views

The CIS Critical Security Controls Explained – Control 6: Maintenance, Monitoring and Analysis of Audit Logs

In your organizational environment, Audit Logs are your best friend. Seriously. This is the sixth blog of the series based on the CIS Critical Security Controls. I'll be taking you through Control 6: Maintenance, Monitoring and Analysis of Audit Logs, in helping you to understand the need to nurtu...

AI score: 6.8
Exploits: 0
n0where
added 2016/06/14 3:19 p.m., 18 views

Fully Integrated Defense Operation: FIDO

Fully Integrated Defense Operation (FIDO) plays an important role in the defense of the Netflix corporate network. The premise of FIDO is simple… each year companies are receiving an ever increasing amount of security related alerts. Instead of hiring more analyst ...

AI score: 1.2
Exploits: 0 | References: 11
The Hacker News
added 2015/06/12 3:15 p.m., 7 views

IT Security – Do it the hard or easy way!

Whether you are a one-stop-shop IT guy or a network admin on a large IT team you owe it to yourself to learn about Security Information and Event Management (SIEM) technology. Why? SIEM lets you correlate between events recorded in different logs for related systems. This is significant because...

AI score: 6.5
Exploits: 0
The Hacker News
added 2015/01/14 4:38 a.m., 12 views

Data Loss Prevention – Log & Event Manager

In today’s world your network is subject to a multitude of vulnerabilities and potential intrusions and it seems like we see or hear of a new attack weekly. A data breach is arguably the most costly and damaging of these attacks and while loss of data is painful the residual impact of the breach ...

AI score: 7
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 22 views

Cisco/Protego CS-MARS < 4.2.1 (JBoss) Remote Code Execution Exploit

No description provided by source. #!/usr/bin/perl Cisco/Protego CS-MARS 4.2.1 remote command execution, system compromise via insecure JBoss installation. Fully functional POC code by Jon Hart. Addressed in CSCse47646. CS-MARS is an event correlation product originally written by...

AI score: 7.1
Exploits: 0
The Hacker News
added 2014/06/04 8:00 p.m., 8 views

Vulnerability Management: Think Like an Attacker to Prioritize Risks

Attackers care about ROI – they want to accomplish their objective with the least investment of time and resources possible. The same is true for you - to most effectively manage vulnerabilities, you need to think like an attacker. Ask yourself: How would you go about compromising systems,...

AI score: 6.6
Exploits: 0
The Hacker News
added 2013/05/14 4:57 p.m., 8 views

SolarWinds Log & Event Manager for Log Management and SEIM Security

SolarWinds® Log & Event Manager (LEM), a full-function Security & Information Event Management (SIEM) solution, delivers powerful log management capabilities in a highly affordable, easy-to-deploy virtual appliance. SolarWinds LEM combines real-time log analysis, event correlation, and a groundbreaki...

AI score: 7
Exploits: 0
The Hacker News
added 2013/05/14 5:57 a.m., 24 views

SolarWinds Log & Event Manager for Log Management and SEIM Security

SolarWinds® Log & Event Manager (LEM), a full-function Security & Information Event Management (SIEM) solution, delivers powerful log management capabilities in a highly affordable, easy-to-deploy virtual appliance. SolarWinds LEM combines real-time log analysis, event correlation, and a groundbreaki...

AI score: 7
Exploits: 0
The Hacker News
added 2013/02/12 3:48 p.m., 4 views

The Top Six Ways You Will Benefit From Event Log Monitoring

Systems on your network log data 24/7/365. Simply allowing logs to take up disk space, reviewing them only after something has happened and deleting logs when you run low on disk space are all the strategies of an admin doomed to always being in firefighting mode, reacting to bad things when they...

AI score: 6.7
Exploits: 0
The Hacker News
added 2013/02/12 4:48 a.m., 13 views

The Top Six Ways You Will Benefit From Event Log Monitoring

Systems on your network log data 24/7/365. Simply allowing logs to take up disk space, reviewing them only after something has happened and deleting logs when you run low on disk space are all the strategies of an admin doomed to always being in firefighting mode, reacting to bad things when they...

AI score: 6.7
Exploits: 0
ThreatPost
added 2012/10/30 12:41 a.m., 7 views

Alliance Issues Guidance for Cloud-Based SIEM Services

The non-profit Cloud Security Alliance today released guidelines for the nascent Security as a Service (SecaaS) specialization within the broader realm of cloud computing. The goal, the group says, is to help companies and consumers gain a better handle on how best to evaluate, build and deploy...

AI score: 0.1
Exploits: 0 | References: 3