New Use Case: Detecting suspicious activities in systems vulnerable to ransomware attacks
Integration of vulnerability scanner with McAfee SIEM solution
Daily Update of the vulnerability scanner
Launch the vulnerability scan after the update
To create this use case you need to do the following:
Find the best websites that share the common vulnerabilities used in ransomware attacks
Create a dynamic Watchlist that grabs the CVEs of the common vulnerabilities used in ransomware attacks from these websites
Use this Watchlist to create a correlation rule that will be used to create:
A report of the systems in your company that are vulnerable to ransomware attacks.
Action: immediate action needs to be taken to patch those vulnerable systems.
A view that shows the systems currently vulnerable to ransomware attacks and any suspicious activities on those systems.
An alarm that fires if there is any suspicious activity, automates an alert by SMS, and triggers an action that blocks the suspicious activity if necessary (using, for example, McAfee IPS or any other solution) based on the severity of the event.
Basically, we can also use this Alarm to update/supply a new Watchlist with the IP addresses of systems vulnerable to ransomware attacks and use this Watchlist later in other use cases, for example Situational Awareness, Tracking Malware, ...
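The correlation logic described in the post, written out as a small stand-alone simulation. This is an added example, not code from the post or from McAfee ESM: the CVE identifiers, scanner findings and event lines are all constructed placeholders, and the key=value event format, the field names (src, action, count) and the mass-rename threshold are assumptions chosen for the demonstration. It shows the three stages the post chains together: a CVE watchlist filters the scanner output down to the vulnerable hosts, suspicious events are correlated against that host set to raise severity-ranked alarms, and the alarms feed a second watchlist of vulnerable-host IP addresses for reuse in other use cases.

```python
"""Simulate the SIEM use case: CVE watchlist -> vulnerable hosts -> alarms
-> IP watchlist. All data below is constructed for the example."""

# Constructed CVE watchlist. These are placeholder identifiers, not real CVEs;
# in the real use case they would be pulled dynamically from the chosen websites.
RANSOMWARE_CVE_WATCHLIST = {"CVE-2099-0001", "CVE-2099-0002", "CVE-2099-0003"}

# Constructed vulnerability-scanner export, one record per finding.
SCANNER_FINDINGS = [
    {"host": "10.0.0.5", "cve": "CVE-2099-0001", "severity": "high"},
    {"host": "10.0.0.5", "cve": "CVE-2099-9999", "severity": "low"},
    {"host": "10.0.0.7", "cve": "CVE-2099-0003", "severity": "critical"},
    {"host": "10.0.0.9", "cve": "CVE-2099-5555", "severity": "medium"},
]

# Constructed endpoint events in an assumed key=value format.
EVENTS = [
    "ts=2024-01-01T10:00:00Z src=10.0.0.5 action=file_rename count=850 ext=.locked",
    "ts=2024-01-01T10:00:01Z src=10.0.0.9 action=file_rename count=900 ext=.locked",
    "ts=2024-01-01T10:00:02Z src=10.0.0.7 action=shadow_copy_delete count=1",
    "ts=2024-01-01T10:00:03Z src=10.0.0.5 action=login count=1",
]

# Assumed mapping of suspicious actions to alarm severity, and the assumed
# number of renames in one event window that counts as mass encryption.
SUSPICIOUS_ACTIONS = {"shadow_copy_delete": "critical", "file_rename": "high"}
MASS_RENAME_THRESHOLD = 500


def vulnerable_hosts(findings, watchlist):
    """Stage 1: keep only hosts with at least one watchlisted CVE.
    Returns {host: set_of_matching_cves} (the 'report' of the post)."""
    result = {}
    for finding in findings:
        if finding["cve"] in watchlist:
            result.setdefault(finding["host"], set()).add(finding["cve"])
    return result


def parse_event(line):
    """Split an assumed key=value event line into a dict."""
    return dict(token.split("=", 1) for token in line.split())


def is_suspicious(event):
    """A rename is suspicious only above the threshold; other listed actions always are."""
    action = event.get("action")
    if action == "file_rename":
        return int(event.get("count", 0)) >= MASS_RENAME_THRESHOLD
    return action in SUSPICIOUS_ACTIONS


def correlate(events, vuln_hosts):
    """Stage 2: the correlation rule. An alarm is raised only when a suspicious
    event originates from a host present in the vulnerable-host set."""
    alarms = []
    for line in events:
        event = parse_event(line)
        host = event.get("src")
        if host in vuln_hosts and is_suspicious(event):
            alarms.append({
                "host": host,
                "action": event["action"],
                "severity": SUSPICIOUS_ACTIONS[event["action"]],
                "cves": sorted(vuln_hosts[host]),
            })
    return alarms


def ip_watchlist(alarms):
    """Stage 3: derive the IP watchlist the post proposes for reuse elsewhere."""
    return sorted({alarm["host"] for alarm in alarms})


if __name__ == "__main__":
    hosts = vulnerable_hosts(SCANNER_FINDINGS, RANSOMWARE_CVE_WATCHLIST)
    for alarm in correlate(EVENTS, hosts):
        print(f"[{alarm['severity'].upper()}] {alarm['host']} {alarm['action']} {alarm['cves']}")
    print("IP watchlist:", ip_watchlist(correlate(EVENTS, hosts)))
```

Note that the host 10.0.0.9 performs the same mass rename as 10.0.0.5 but raises no alarm, because its scanner findings contain no watchlisted CVE; that is exactly the narrowing the post's correlation rule is designed to achieve, and also the reason the watchlist must be refreshed daily together with the scan.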
Re: New Use Case: Detecting suspicious activities in systems vulnerable to ransomware attacks
I highly recommend not relying only on security solutions, for example EDR, to protect us against ransomware attacks, because there are some advanced types of ransomware attacks that can evade some of those security solutions and encrypt not only the data but also its backups. Therefore, SIEM is the best solution to know what is happening in our network and alert us if any suspicious activity happens. Our goal, for the good of the company and its reputation, is to block all kinds of ransomware attacks and ensure the continuity of the service.