My account

Blog

Many things are written about SIEM, yet my personal experience with these wonderful tools began back in 2007. Today the technology itself is more than 18 years old and SIEM is by all means a mature market. Together with clients, team and partners I was privileged to actively participate in more than a hundred of […]

About a week ago we got this info from one of our partners “We are seeing phishing emails flying in our environment (Internal to Internal)” along with sharing an email sample with us. Today we’re going to analyze the recent phishing attacks targeted at Fortune 500 and Global 2000 companies dubbed “Stealthphish” aimed at compromising […]

Integrating QRadar with VirusTotal

1,720

Hello. In the last article we considered creating rules, and today I want to describe the method that will help SIEM administrators respond to possible security incidents faster. When working with information security incidents in QRadar it is extremely important to increase operators’ and analysts’ operation speed in SOC. Usage of built-in tools provides ample […]

In the previous article I have demonstrated how to create a simple dashboard that monitors accessibility of sources in Splunk. Today I want to demonstrate you how to make any table in the dashboard more obvious and convenient. Let’s look at my last article and continue to improve the functionality of the table that I […]

A very common task for all ArcSight content developers is cleaning active lists on a scheduled basis or on-demand automatically. In the previous post I have described how to clear Active Lists on scheduled basis using trends: https://socprime.com/en/blog/active-lists-in-arcsight-automatic-clearing-part-1/ Today I will show you another two ways how this can be achieved. Automatic clearing of Active Lists […]