New Usecase: Detecting suspicious activities in vulnerable systems to ransomware attacks

Prerequisite:

  • Integration of the vulnerability scanner with the McAfee SIEM solution
  • Daily update of the vulnerability scanner
  • Launch of the vulnerability scan after the update

To create this Usecase you need to do the following:

  • Find the best websites that share the common vulnerabilities used in ransomware attacks
  • Create a dynamic Watchlist that grabs from these websites the CVEs of common vulnerabilities used in ransomware attacks
  • Use this Watchlist to create a correlation rule that will be used to create:
    1. A report of the systems in your company that are vulnerable to ransomware attacks.
       • Action: take immediate action to patch those vulnerable systems.
    2. A view that shows the currently vulnerable systems and any suspicious activities on those systems.
    3. An alarm that fires if there is any suspicious activity, automates an alert by SMS and, if necessary, an action that blocks the suspicious activity (using for ex. McAfee IPS or any other solution) based on the severity of the event.

Basically, we can also use this Alarm to update/supply a new Watchlist with the IP addresses of systems vulnerable to ransomware attacks and use this Watchlist later in other use cases, for example Situational Awareness, Tracking Malware, ...
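The flow the post describes (CVE watchlist -> match against scanner findings -> report of vulnerable hosts -> alarm only when a suspicious event lands on one of those hosts, with the response tier chosen by severity) can be sketched outside the SIEM to check the logic before building the correlation rule. The Python below is an added stand-alone illustration written for this thread; it is not McAfee ESM configuration and not the original poster's work. The CVE ids, scanner export and event lines are constructed placeholders, and the severity thresholds are assumptions, not ESM defaults.

```python
"""Illustration of the watchlist -> correlation -> report/alarm flow.

Hypothetical stand-alone code, not McAfee ESM configuration. All CVE ids,
hosts and events below are constructed sample data, not real findings.
"""
from collections import defaultdict

# Constructed stand-in for the "dynamic watchlist" built from a public list
# of CVEs seen in ransomware campaigns. A real feed would be refreshed daily
# after the scanner update; here it is a fixed sample with placeholder ids.
RANSOMWARE_CVE_FEED = """
CVE-0000-1111  # placeholder id, not a real CVE
CVE-0000-2222
CVE-0000-3333
"""

# Constructed vulnerability-scanner export: host,cve
SCAN_EXPORT = """host,cve
10.0.0.5,CVE-0000-1111
10.0.0.5,CVE-0000-9999
10.0.0.7,CVE-0000-2222
10.0.0.9,CVE-0000-8888
"""

# Constructed SIEM events: host,event,severity (0-100 scale, as in ESM)
EVENTS = """host,event,severity
10.0.0.5,mass file rename,90
10.0.0.7,shadow copy deletion,75
10.0.0.9,mass file rename,90
10.0.0.5,failed login,20
"""


def parse_watchlist(feed):
    """Turn the raw feed into a set of CVE ids (one per line, comments stripped)."""
    ids = set()
    for line in feed.splitlines():
        token = line.split("#", 1)[0].strip()
        if token.startswith("CVE-"):
            ids.add(token)
    return ids


def parse_csv(text):
    """Minimal CSV reader: first line is the header, returns a list of dicts."""
    lines = [l for l in text.strip().splitlines() if l.strip()]
    header = lines[0].split(",")
    return [dict(zip(header, l.split(","))) for l in lines[1:]]


def vulnerable_hosts(scan_rows, watchlist):
    """Correlation step 1: hosts whose scanner findings intersect the watchlist.

    Returns {host: sorted matching CVEs}. This is both the 'report' and the
    second watchlist of vulnerable IP addresses the post mentions.
    """
    hits = defaultdict(set)
    for row in scan_rows:
        if row["cve"] in watchlist:
            hits[row["host"]].add(row["cve"])
    return {host: sorted(cves) for host, cves in hits.items()}


def alarms(event_rows, vuln_hosts, sms_threshold=50, block_threshold=80):
    """Correlation step 2: suspicious events on a known-vulnerable host.

    Severity decides the response tier (thresholds are assumed values):
    >= block_threshold -> SMS and block, >= sms_threshold -> SMS only.
    Events on hosts outside the vulnerable set do not raise this alarm.
    """
    fired = []
    for ev in event_rows:
        host = ev["host"]
        if host not in vuln_hosts:
            continue
        sev = int(ev["severity"])
        if sev >= block_threshold:
            action = "sms+block"
        elif sev >= sms_threshold:
            action = "sms"
        else:
            continue  # low-severity noise such as a single failed login
        fired.append({"host": host, "event": ev["event"], "severity": sev,
                      "cves": vuln_hosts[host], "action": action})
    return fired


def run():
    """Build the watchlist, produce the report, and evaluate the alarm."""
    watchlist = parse_watchlist(RANSOMWARE_CVE_FEED)
    report = vulnerable_hosts(parse_csv(SCAN_EXPORT), watchlist)
    return report, alarms(parse_csv(EVENTS), report)


if __name__ == "__main__":
    report, fired = run()
    print("vulnerable hosts:", report)
    for alarm in fired:
        print(alarm)
```

Note that host 10.0.0.9 generates the same high-severity event as 10.0.0.5 but raises nothing here, because it carries no watchlisted CVE; that is the intended scoping of this use case, so such events still need coverage from a general malware or situational-awareness rule.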

1 Reply

Re: New Usecase: Detecting suspicious activities in vulnerable systems to ransomware attacks

I highly recommend not relying only on security solutions, for ex. EDR, to protect us against ransomware attacks, because there are some advanced types of ransomware that can evade some of those security solutions and encrypt not only the data but also its backup.
Therefore, SIEM is the best solution to know what is happening in our network and alert us if any suspicious activities happen.
Our goal, for the good of the company and its reputation, is to block all kinds of ransomware attacks and ensure the continuity of the service.