This package includes the following ArcSight ESM rules (use cases), which are based
on events reported from Polyverse Zerotect:
1. Possible Overflow Attack detects possible overflow attacks.
2. Possible Brute Force Canary detects possible brute forcing of a stack canary value.
3. Segmentation Violation Detected detects segmentation faults in different
applications and processes.
4. Bus Error Detected detects when a process is trying to access memory that the
CPU cannot physically address.
In addition, this package includes an actionable dashboard, Polyverse Zerotect Events
Overview. The dashboard gives the analyst a real-time overview of the different events
reported from Polyverse Zerotect, to help spot malicious activity such as overflow
attacks and brute forcing of stack canary values.
Please refer to the readme file attached.