Description

ZeroLogon (CVE-2020-1472) An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.


This package includes the following rules which helping with detecting ZeroLogon vulnerability and attack using ArcSight ESM


Mimikatz Outbound RPC Connection to DC

ZeroLogon Attack Detected

ZeroLogon Vulnerability Detected

Password Last Set field changed by ANONYMOUS LOGON

Vulnerable Netlogon Secure Channel Detected


Minimum Requirements

ArcSight ESM 7.0

Suggested apps

Suggested for you are based on app category, product compatibility, popularity, rating and newness. Some apps may not show based on entitlements. Learn more about entitlements.

Releases

Release
Size
Date
ZeroLogon Vulnerability Monitoring 1.0.0.1
56.0 KB
  |  
Jan 11, 2021
More info Less info
Product compatibility
ESM
Version 7.0 · 7.1 · 7.2 · 7.3 · 7.4
Release notes

please refer to Zerologon_ReleaseNotes.pdf which attached with this package

Languages
English
ZeroLogon Vulnerability Monitoring 1.0.0.0
54.1 KB
  |  
Oct 9, 2020
More info Less info
Product compatibility
ESM
Version 7.4 · 7.0 · 7.2 · 7.3
Release notes

refer to the Zerologon_ReleaseNotes.pdf which included with this package.

Languages
English

Unsubscribe from notifications

You are receiving release updates for this item because you have subscribed to the following products:
If you unsubscribe, you will no longer receive any notifications for these products.
Tip: to update your subscription preferences, go to Manage Subscriptions from your Dashboard, uncheck the products you no longer want to receive notifications for, and click 'Save'.

Marketplace Terms of Service

In order to continue, you must accept the Marketplace Terms of Service and Micro Focus Terms of Service
Since you are downloading an app from the Micro Focus unified Marketplace using an Access Manager account, you need to also accept the Micro Focus Marketplace Terms of Service before you can continue. Use the link to review the Marketplace Terms of Service. Once complete check the, "I accept the Marketplace Terms of Service and the Micro Focus Terms of Service" box below and click accept to continue your download.


Your download has begun...

Your download has begun

Related content and resources

Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox

release-rel-2021-1-1-3600 | Wed Jan 6 00:44:15 PST 2021