Blog

Monitoring Amazon Web Services with IBM QRadar SIEM

As part of the never-ending landscape of technology and the popularity that cloud-based computing is gaining, we can say it is here to stay indefinitely. With this in mind, we need to develop the knowledge and tools to understand the auditing and security monitoring options of cloud-based technologies like SoftLayer,…

Integrative Cyber Defense

The dynamics of the cybersecurity scene are becoming similar to the dynamics of the military scene. If the cybersecurity world can adopt the strategic moves and concepts of the military command scene, these elements will help all business organizations fight their cybernetic enemy. In recent years, the realization that the dynamics of the cybersecurity…

Almost Everything is perfect in the Land of QRadar logs

But sometimes you can encounter a sensor which will not send full data information. For example, we will take the Imperva SecureSphere WAF: the IBM Knowledge Center (http://www-01.ibm.com/support/knowledgecenter/SS42VS_7.2.5/com.ibm.dsm.doc/t_DSM_guide_Securesphere) explains how to configure the Imperva to send syslogs toward the QRadar machine by just configuring the action set to use this format for QRadar to understand the…

McAfee DLP Events Support

QRadar supports McAfee ePO and Symantec SEP, but not all of it. 1. SEP has full support for Antivirus, HIPS and SONAR functions; when using SEP as Device Control, the data comes in as a Misc. event and not as a Device Control event, meaning all of the data coming from SEP regarding Device Control does not parse…

DNS traffic monitoring for malicious activity

DNS traffic on port 53 is not suspicious in itself, but we can conclude that in a closed environment only DNS servers should communicate outward to other DNS servers. In an open environment we will be looking for malicious DNS URLs. Endpoint PCs and user computers do not need to send DNS queries directly to outside servers on port 53…