COVID-19 Security Package from SOC Prime

204774

Aleks B Community

App Support Tiers

MICRO FOCUS SUPPORTED

Support via Micro Focus Software Support, with a ticket filed against the associated product.

PARTNER

Micro Focus offers a content partnership program for select partners. Support for Partner Content offerings is provided by the partner and not by Micro Focus of the Micro Focus community.

MICRO FOCUS COMMUNITY

Micro Focus Community Content is provided by Micro Focus for the benefit of customers, support for it is not available via Micro Focus Software Support but through specific community content forums.

COMMUNITY

Community Contributed Content is provided by Micro Focus customers and supported by them.

Aleks B | Community
COVID-19 Security Package from SOC Prime is the set of search queries to detect the most active attacks that were detected during the COVID-19 specific phishing and other threats brought on by increased teleworking.
237 downloads

Share
 

Product compatibility

ESM

Description

COVID-19 Security Package from SOC Prime is the set of search queries to detect the most active attacks that were detected during the COVID-19 specific phishing and other threats brought on by increased teleworking.

Rules in the package cover 6 MITRE ATT&CK Techniques:

  • Spearphishing Attachment (T1193)
  • Scripting (T1064)
  • Deobfuscate/Decode Files or Information (T1140)
  • PowerShell (T1086)
  • Registry Run Keys / Startup Folder (T1060)
  • Scheduled Task (T1053)

Rules contributed by Florian Roth, SOC Prime team, @blu3_team, Markus Neis, Daniel Bohannon, Roberto Rodriguez

More details about coronavirus phishing campaign and attacks https://socprime.com/en/blog/covid-19-coronavirus-phishing/

Minimum Requirements


  • ArcSight Command Center

  • ArcSight Logger

Releases

Release
Size
Date
v.1.0.0 1
15.6 KB
  |  
Apr 1, 2020
More info Less info
Product compatibility
ESM
Version 7.2 · 7.0
Version 6.8 · 6.9.1 · 6.11.0
Release notes

Version 1.0.0:

  • Initial version

Inside the file, you will find a bunch of search queries to detect threats. Just copy and paste it to Event search in the ArcSight ESM Command Center or Logger.

Languages
English

Unsubscribe from notifications

You are receiving release updates for this item because you have subscribed to the following products:
If you unsubscribe, you will no longer receive any notifications for these products.
Tip: to update your subscription preferences, go to Manage Subscriptions from your Dashboard, uncheck the products you no longer want to receive notifications for, and click 'Save'.

Marketplace Terms of Service

In order to continue, you must accept the Marketplace Terms of Service and Micro Focus Terms of Service
Since you are downloading an app from the Micro Focus unified Marketplace using an Access Manager account, you need to also accept the Micro Focus Marketplace Terms of Service before you can continue. Use the link to review the Marketplace Terms of Service. Once complete check the, "I accept the Marketplace Terms of Service and the Micro Focus Terms of Service" box below and click accept to continue your download.


Your download has begun...

Your download has begun

Related content and resources

Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox

release-rel-2020-7-1-2885 | Thu Jul 9 00:27:49 PDT 2020