Description

ZeroLogon (CVE-2020-1472) An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.


This package includes the following rules which helping with detecting ZeroLogon vulnerability and attack using ArcSight ESM


Mimikatz Outbound RPC Connection to DC

ZeroLogon Attack Detected

ZeroLogon Vulnerability Detected


Minimum Requirements

ArcSight ESM 7.0

Releases

Release
Size
Date
ZeroLogon Vulnerability Monitoring 1.0.0.0
17.7 KB
  |  
Oct 9, 2020
More info Less info
Product compatibility
ESM
Version 7.4 · 7.0 · 7.2 · 7.3
Release notes

refer to the Release Notes - Zerologon.docx which included with this package.

Languages
English

Similar items

Similar apps are based on app category, product compatibility, popularity, rating and newness. Some apps may not show based on entitlements. Learn more about entitlements.

Unsubscribe from notifications

You are receiving release updates for this item because you have subscribed to the following products:
If you unsubscribe, you will no longer receive any notifications for these products.
Tip: to update your subscription preferences, go to Manage Subscriptions from your Dashboard, uncheck the products you no longer want to receive notifications for, and click 'Save'.

Marketplace Terms of Service

In order to continue, you must accept the Marketplace Terms of Service and Micro Focus Terms of Service
Since you are downloading an app from the Micro Focus unified Marketplace using an Access Manager account, you need to also accept the Micro Focus Marketplace Terms of Service before you can continue. Use the link to review the Marketplace Terms of Service. Once complete check the, "I accept the Marketplace Terms of Service and the Micro Focus Terms of Service" box below and click accept to continue your download.


Your download has begun...

Your download has begun

Related content and resources

Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox

release-rel-2020-10-2-3328 | Wed Oct 14 04:20:43 PDT 2020