My account

Tag: How to

Sigma Rules Guide for ArcSight

631

Introduction to Sigma Sigma, created by Florian Roth and Thomas Patzke, is an open source project to create a generic signature format for SIEM systems. The common analogy is that Sigma is the log file equivalent of what Snort is to IDS and what YARA is for file based malware detection. However, unlike Snort and […]

Integrating QRadar with VirusTotal

1,987

Hello. In the last article we considered creating rules, and today I want to describe the method that will help SIEM administrators respond to possible security incidents faster. When working with information security incidents in QRadar it is extremely important to increase operators’ and analysts’ operation speed in SOC. Usage of built-in tools provides ample […]

In the previous article I have demonstrated how to create a simple dashboard that monitors accessibility of sources in Splunk. Today I want to demonstrate you how to make any table in the dashboard more obvious and convenient. Let’s look at my last article and continue to improve the functionality of the table that I […]

A very common task for all ArcSight content developers is cleaning active lists on a scheduled basis or on-demand automatically. In the previous post I have described how to clear Active Lists on scheduled basis using trends:¬†https://socprime.com/en/blog/active-lists-in-arcsight-automatic-clearing-part-1/ Today I will show you another two ways how this can be achieved. Automatic clearing of Active Lists […]

In the previous article, we have examined using depends panel for creating convenient visualizations in dashboards. If you missed it, follow the link: https://socprime.com/blog/using-depends-panels-in-splunk-for-creating-convenient-drilldowns/ Many people who begin to study Splunk have questions about monitoring the availability of incoming data: when the last time the data came from a particular source, when the data ceased […]