STIX/TAXII feed processing

Detecting network intruders with STIX/TAXII feed processing
A Guide
www.manageengine.com/products/eventlog/

Introduction

In today's evolving threat landscape, the key to efficient threat mitigation is early detection. Structured Threat Information Expression (STIX), a structured language for describing threats, and the Trusted Automated Exchange of Indicator Information (TAXII) protocol, a collaborative threat sharing platform, both emerged as community-driven ways to defend against cyberthreats. Since STIX and TAXII provide global standards for identifying and sharing threat information, threat feeds based on these protocols are widely used and always provide the latest, most reliable threat information.

The ideal way to secure your organization's network would be to constantly update your threat database with these feeds. However, as any security administrator knows, updating your threat database frequently takes a lot of work. EventLog Analyzer, a log management and IT compliance solution with a built-in STIX/TAXII feed processor, makes it easy for you to detect threats in real time. The STIX/TAXII feed processor updates the global threat database on local EventLog Analyzer instances every day to ensure your threat feeds remain up to date. The global threat database also contains over 600 million blacklisted IP addresses that are collected from other trusted open sources and updated daily. EventLog Analyzer sends alerts in real time whenever a blacklisted source tries to interact with your network, helping you detect threats early on.

Threat detection with EventLog Analyzer

Access to a comprehensive knowledge base: EventLog Analyzer processes some of the most prominent threat feeds, including those based on the STIX/TAXII protocols.
Dynamic threat information: EventLog Analyzer automatically pulls the latest information from threat feeds, making sure you stay up to date.
No configuration required: EventLog Analyzer starts processing the feeds immediately after deployment.

How it works

[Diagram: network perimeter devices (Cisco, SonicWall, Fortinet) generate logs that the ELA Server collects and checks against the default threat profiles; callouts 1 to 5 correspond to the steps below.]

1. EventLog Analyzer downloads the threat feeds on a daily basis from two STIX feed providers, Hail A TAXII and AlienVault OTX, using the TAXII protocol.
2. The downloaded threat feeds (comprising malicious IPs, URLs, and domain names) are stored in our cloud service so the EventLog Analyzer server's resources, memory, and performance aren't affected.
3. Every day, EventLog Analyzer securely connects to our cloud service using the HTTPS protocol, and the threat feed is updated on your local instance of EventLog Analyzer.
4. EventLog Analyzer then analyzes the logs from network perimeter devices such as Cisco, SonicWall, and Fortinet firewalls.
5. It then correlates the log data with the threat feeds in real time, detects any intrusion attempts from malicious domain names, URLs, or IPs, and sends out email or SMS notifications to the required security professionals.

Best of all, EventLog Analyzer's entire threat detection process listed above requires no configuration on your end. As soon as you've deployed EventLog Analyzer, its threat feed processor starts working automatically.
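As an added illustration of the feed-to-alert pipeline described in the steps above (example code written for this page, not EventLog Analyzer's or ManageEngine's own implementation), the following Python script does the two jobs the guide describes: it builds a local threat database of IP, domain and URL indicators from a STIX bundle, then correlates firewall log lines against that database and returns one alert per matching line. It assumes STIX 2.1 JSON indicators whose patterns are simple equality comparisons (the guide does not state which STIX version its feed providers serve), and the bundle, the Cisco ASA-style and Fortinet-style log lines, and every address and domain in them are constructed sample data, not content from any real feed.

```python
import json
import re


def _indicator(n, pattern, revoked=False):
    """Build a minimal STIX 2.1 indicator object (constructed sample data)."""
    ts = "2017-09-01T00:00:00.000Z"
    return {"type": "indicator", "spec_version": "2.1",
            "id": f"indicator--00000000-0000-4000-8000-{n:012d}",
            "created": ts, "modified": ts, "valid_from": ts,
            "pattern_type": "stix", "pattern": pattern, "revoked": revoked}


# Constructed sample bundle; a real deployment would fetch this over TAXII.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000",
    "objects": [
        _indicator(1, "[ipv4-addr:value = '198.51.100.23']"),
        _indicator(2, "[domain-name:value = 'bad.example']"),
        _indicator(3, "[url:value = 'http://bad.example/payload']"),
        _indicator(4, "[ipv4-addr:value = '203.0.113.5' OR ipv4-addr:value = '203.0.113.6']"),
        _indicator(5, "[ipv4-addr:value = '192.0.2.99']", revoked=True),  # withdrawn by the feed
        {"type": "identity", "id": "identity--00000000-0000-4000-8000-000000000006",
         "name": "constructed feed publisher"},  # non-indicator object, must be skipped
    ],
})

# Assumption: feed patterns only use simple equality comparisons on these three
# observable types; a full STIX pattern parser is out of scope for this example.
PATTERN_RE = re.compile(r"(ipv4-addr|domain-name|url):value\s*=\s*'([^']+)'")


def build_threat_db(bundle_json):
    """Return a dict mapping observable type to the set of indicator values."""
    db = {"ipv4-addr": set(), "domain-name": set(), "url": set()}
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("revoked"):
            continue  # ignore non-indicator objects and revoked indicators
        for kind, value in PATTERN_RE.findall(obj.get("pattern", "")):
            db[kind].add(value if kind == "url" else value.lower())
    return db


IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Key/value fields in which Fortinet-style logs carry destination names and URLs.
NAME_RE = re.compile(r'\b(?:hostname|dstname|url)="?([^\s"]+)')


def correlate(log_lines, db):
    """Match each log line against the threat database; return one alert per hit line."""
    alerts = []
    for line in log_lines:
        matches = []
        for ip in dict.fromkeys(IPV4_RE.findall(line)):  # de-duplicate, keep order
            if ip in db["ipv4-addr"]:
                matches.append(("ipv4-addr", ip))
        for value in NAME_RE.findall(line):
            if value in db["url"]:
                matches.append(("url", value))
            elif value.lower() in db["domain-name"]:
                matches.append(("domain-name", value.lower()))
        if matches:
            alerts.append({"log": line, "matches": matches})
    return alerts


# Constructed log lines in the style of Cisco ASA and Fortinet firewall messages.
SAMPLE_LOGS = [
    "%ASA-6-302013: Built outbound TCP connection 4711 for outside:198.51.100.23/443 "
    "(198.51.100.23/443) to inside:10.0.0.5/51234 (10.0.0.5/51234)",
    'date=2017-09-01 time=07:15:02 devname=FGT-1 type=utm subtype=webfilter '
    'srcip=10.0.0.7 dstip=203.0.113.6 hostname="bad.example" url="http://bad.example/payload"',
    "%ASA-6-302013: Built outbound TCP connection 4712 for outside:192.0.2.10/443 "
    "(192.0.2.10/443) to inside:10.0.0.9/51235 (10.0.0.9/51235)",  # clean destination
    "%ASA-6-302013: Built outbound TCP connection 4713 for outside:192.0.2.99/443 "
    "(192.0.2.99/443) to inside:10.0.0.9/51236 (10.0.0.9/51236)",  # revoked indicator: no alert
]


def run_sample():
    """Daily-style refresh of the local database followed by correlation of the logs."""
    db = build_threat_db(SAMPLE_BUNDLE)
    return correlate(SAMPLE_LOGS, db)


if __name__ == "__main__":
    for alert in run_sample():
        print("ALERT", alert["matches"], "<-", alert["log"][:60])
```

Two details matter in practice and are handled above: revoked indicators must drop out of the local database on the next refresh, otherwise the SOC keeps getting alerts for infrastructure the feed has already withdrawn, and a log line that touches several indicators at once (here an address, a hostname and a URL) should produce a single alert listing all of them rather than three separate tickets.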

At a glance

What objects does the STIX/TAXII feed processor support?
Malicious IP addresses, URLs, and domain names that get reported in the STIX feeds are stored in EventLog Analyzer's global threat database.

What other information does the global threat database have?
It also contains over 600 million blacklisted IP addresses collected from other trusted open sources.

What protocol is used to transfer feeds from the cloud to the local instance?
The local instance of EventLog Analyzer connects to ManageEngine's cloud service using the secure HTTPS protocol.

How often is the threat data on the local instance updated?
The global threat database on the local instance is updated with the latest information every morning at 7am.

What gets correlated to detect threats instantly?
EventLog Analyzer correlates logs that contain information on intrusion attempts (i.e., the firewall logs from Cisco, Fortinet, and SonicWall devices) with the global threat database to detect threats.

Accessing alert notifications for EventLog Analyzer's threat intelligence platform

All the alerts that get triggered from EventLog Analyzer's threat intelligence platform can be found in Alerts -> Profile-based alerts -> Default threats. To change the notification settings for these alert profiles, click on the Manage Alert Profile button or the edit icon.

EventLog Analyzer allows you to take advantage of a global knowledge base of threats and ensure no malicious intruder can breach your network. Apart from real-time alerts, the solution also allows you to manage the alerts as tickets by assigning owners, updating their status, and more. All this requires no additional setup, so you get to add an extra layer of security with virtually no effort.

Tech Support
support@eventloganalyzer.com
Toll Free US: +1 844 649 7766
UK: 0800 028 6590