Month: July 2017

Historical Correlation


What if I deployed or designed a new Use Case and I want to know whether my company was exposed to the threat in the past? While working with ArcSight, a lot of people wonder whether there is a way to perform historical correlation. They even have several real-life scenarios for this. The first […]

How to fix parsing issues in QRadar without technical support


All QRadar releases can be divided into two groups: versions before 7.2.8, and 7.2.8 and later. In QRadar 7.2.8+, all parsing changes are performed from the web console. To fix a parsing issue, you need to do the following steps: Create a search on the Log Activity page in QRadar where you can get the events with […]

Every ArcSight user or administrator has run into false positive rule triggers while delivering a threat intelligence feed into ArcSight. This mostly happens when the threat intel source events are not excluded from the rule condition, or when the connector tries to resolve all IP addresses and host names that it processes.
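The first cause above (feed events matching the rule that the feed itself populates) can be reproduced in a few lines. The following is an added illustration, not code from the original post or from ArcSight: a toy correlation rule is run over constructed events, once with the threat-intel connector's own events included in the match and once with them excluded. The field names, the connector product name `ThreatIntelFeed` and the indicator IPs are assumptions for the example; the name-resolution cause is not modelled here.

```python
"""Added example (not from the original post): a minimal correlation rule
matched against a threat-intel indicator set, showing why events generated by
the intel feed connector itself must be excluded from the rule condition.
Field names loosely follow CEF (deviceProduct, src, dst) but are assumptions."""

from dataclasses import dataclass

# Assumed name of the connector that ingests the threat-intel feed.
TI_CONNECTOR_PRODUCT = "ThreatIntelFeed"


@dataclass(frozen=True)
class Event:
    device_product: str   # product that generated the event (deviceProduct in CEF)
    source_ip: str        # src
    dest_ip: str          # dst
    name: str


# Constructed indicator set, as it would be loaded into an active list.
INDICATORS = {"203.0.113.10", "198.51.100.77"}

# Constructed events: two firewall events (one to a known-bad IP, one benign)
# plus the feed connector's own events, which carry the indicator IPs in the
# same address fields as they are loaded into the active list.
EVENTS = [
    Event("Firewall", "10.0.0.5", "203.0.113.10", "Outbound allowed"),
    Event("Firewall", "10.0.0.9", "192.0.2.1", "Outbound allowed"),
    Event(TI_CONNECTOR_PRODUCT, "0.0.0.0", "203.0.113.10", "Indicator added"),
    Event(TI_CONNECTOR_PRODUCT, "0.0.0.0", "198.51.100.77", "Indicator added"),
]


def matches_indicator(event, indicators):
    """Rule condition: either address of the event is a known-bad IP."""
    return event.source_ip in indicators or event.dest_ip in indicators


def naive_rule(events, indicators):
    """Fires on every event matching an indicator, including the feed
    connector's own events: those are the false positives."""
    return [e for e in events if matches_indicator(e, indicators)]


def fixed_rule(events, indicators, feed_product=TI_CONNECTOR_PRODUCT):
    """Same condition, but events from the feed connector are excluded first,
    so only traffic actually observed on the network can trigger the rule."""
    return [
        e for e in events
        if e.device_product != feed_product and matches_indicator(e, indicators)
    ]


if __name__ == "__main__":
    for label, rule in (("naive", naive_rule), ("fixed", fixed_rule)):
        hits = [(e.device_product, e.dest_ip) for e in rule(EVENTS, INDICATORS)]
        print(f"{label}: {hits}")
```

The naive rule fires three times, twice on the feed connector's own "Indicator added" events; the fixed rule fires once, on the firewall event only. In a real ArcSight rule the equivalent is an explicit `deviceProduct != <feed connector>` (or device vendor/product) clause in the condition, placed before the active-list lookup.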

Event correlation plays an important role in incident detection and allows us to focus on the events that really matter to the business services or IT/security processes.

It’s been a hot summer for the security industry: in less than a week, what was initially suspected to be the Petya.A ransomware has turned out to be much more than meets the eye. Security researchers around the world have rightfully dubbed it NotPetya and EternalPetya, as the malware was never meant to ask for ransom – it was […]