Month: August 2017

Attack on Financial Institutions with a New Backdoor

London, UK – August 08, 2017 – There were at least five attacks on Russian-speaking companies between June 23 and July 27, as researchers from Trend Micro reported. The primary targets of these attacks were banks and mining companies.

Creating Correlation Events in Splunk using Alerts

Many SIEM users ask a question: How do Splunk and HPE ArcSight SIEM tools differ? ArcSight users are confident that correlation events in ArcSight are a weighty argument in favor of using this SIEM because Splunk does not have the same events. Let’s destroy this myth. Splunk has many options to correlate events. So in […]

Additional Data in ArcSight ESM

Everyone who has ever installed a single ArcSight SmartConnector knows about the ‘Device Event Mapping to ArcSight Fields’ chapter in the installation guide, where you can find information on the mapping of Device-Specific fields to ArcSight Event Scheme. It’s an essential chapter for Analysts, right? Certainly, you noticed that for some SmartConnectors there are ‘Additional Data’ fields. […]

PT Korelasi Persada Indonesia becomes SOC Prime’s partner

London, UK – August 03, 2017 – SOC Prime, Inc. announces a new partnership with PT Korelasi Persada Indonesia to bring innovation and efficiency for next generation Managed Security Services and MDR.

What is network hierarchy and how to use it in IBM QRadar

Network hierarchy is a description of the internal model of an organization’s network. The network model allows you to describe all internal segments of the network including server segment, DMZ, user segment, Wi-Fi and so on. This data is necessary to enrich the data of registered Offenses; you can use the network model data in rules, […]

Active Lists in ArcSight, automatic clearing. Part 1

ArcSight beginners and experienced users very often face a situation when they need to automatically clear an Active List in a use case. It could be the following scenario: count today’s logins for every user in real-time or reset some counters that are in an Active List at the specified time.
