ArcSight ESM with Wannacry content - SOC Prime скачать в хорошем качестве

ArcSight ESM with Wannacry content - SOC Prime

Welcome to another short video walkthrough of the ArcSight ESM solution and in this case, a set of content that was kindly provided by the guys at SOC Prime. The Wannacry malware hit in May 2017 and gained infamy due to the way it spread as well as the targets affected. However, from a detection point of view, it has some very specific indicators that make it detectable using an SIEM - which in this case is ArcSight ESM. In this video I walkthrough the content provided by SOC Prime and what it does and what it uses (OSINT or Open Source Intelligence), some active lists and some rules and a few dashboards to assist in the identification of Wannacry. Big credit goes to the SOC Prime guys for making the content available and FREE OF CHARGE - so go to the following links to check out more information and what this is all about: SOC Prime: https://socprime.com/en/ Indicator Lists - Protect 724 (open post): https://community.saas.hpe.com/t5/Dis... https://community.saas.hpe.com/t5/Dis... SOC Prime Documentation - Protect 724 (open post): https://community.saas.hpe.com/t5/Dis... SOC Prime ARB Package - Protect 724 (open post): https://community.saas.hpe.com/t5/Dis... Anomali Blog on Wannacry - for more information and detail: https://www.anomali.com/blog/wanacry Dont forget to sign up to the Anomali threat briefing for more up to date information: https://www.anomali.com/platform/week...