SlideShare une entreprise Scribd logo

ArcSight & RSA ECAT Integration - By We-Ankor & Or Cohen

Télécharger en tant que PPTX, PDF
C
cohen88or

ArcSight & RSA ECAT Integration - By We-Ankor & Or Cohen

Technologie
1  sur  14
Or Cohen – We Ankor 2014 or@we-can.co.il
Saturday, May 17, 2014 slide 2 • Many daily alerts, even after advanced aggregation and correlation. • Investigating a server/workstation is not always possible due to lack of physical access, tools, time or knowledge. • Just starting an investigation may take hours or even days – long after the initial alert was triggered. • Relevant evidence are hard to collect and analyze.
• Start an investigation for every single alert within seconds. • Get to every host in the network regardless of physical location. • Collect and analyze relevant evidence. • Get actionable and refined data from the investigated host ASAP. Saturday, May 17, 2014 slide 3
• Automatically deploy (and remove) ECAT agents across the network. • Automatically scan hosts with multiple scan configurations. • Automatically collect scan results from ECAT with full analysis data. • Automatically react to the presence of a suspicious module. Saturday, May 17, 2014 slide 4
Saturday, May 17, 2014 slide 5 Now what?
Saturday, May 17, 2014 slide 6 Install ECAT Agent OnWS87771
Saturday, May 17, 2014 slide 6
Saturday, May 17, 2014 slide 6
Saturday, May 17, 2014 slide 6 Module Name: 6re1fyeg1109.exe Module Path: C:$Recycle.BinS-1-5-21-1844237615-1604221776- 725345543-151746re1fyeg1109.exe MD5: A87480D346E943491EE107CDB90D2860 Host Name: WS8771 Host IP: 10.2.34.123 Bytes In: 3211 Bytes Out: 7651819 Target IP: 27.1.34.79 Target Host: superEvil.info Target Port: 21 OPSWAT Verdict: Clean YARA Verdict: Infected - super_evil_malware_group Certificate Status: Not Singed HASH Lookup: Unknown S.L: 49 Comment:Found Infected on 19/05/2014 by: super_evil_malware_group
Saturday, May 17, 2014 slide 6 Module Name: 6re1fyeg1109.exe MD5: A87480D346E943491EE107CDB90D2860
Saturday, May 17, 2014 slide 6 Module Name: 6re1fyeg1109.exe MD5: A87480D346E943491EE107CDB90D2860 WS8291 WS8101 WS2151 iexplore.exe svchost.exe tempp.exe
Saturday, May 17, 2014 slide 6 WS8291 WS8101 WS2151 Module Name: 6re1fyeg1109.exe MD5: A87480D346E943491EE107CDB90D2860
Saturday, May 17, 2014 slide 6 AVVendor Module Name: 6re1fyeg1109.exe MD5: A87480D346E943491EE107CDB90D2860
Or Cohen – We Ankor 2014

Recommandé

Developing a New Affordable DC Motor Laboratory Kit for an Existing Undergrad...
Developing a New Affordable DC Motor Laboratory Kit for an Existing Undergrad...Developing a New Affordable DC Motor Laboratory Kit for an Existing Undergrad...
Developing a New Affordable DC Motor Laboratory Kit for an Existing Undergrad...Rebecca Reck
 
Reduce Test Automation Execution Time by 80%
Reduce Test Automation Execution Time by 80%Reduce Test Automation Execution Time by 80%
Reduce Test Automation Execution Time by 80%TechWell
 
Who Watches the Watchmen - Arup Chakrabarti, PagerDuty - DevOpsDays Tel Aviv ...
Who Watches the Watchmen - Arup Chakrabarti, PagerDuty - DevOpsDays Tel Aviv ...Who Watches the Watchmen - Arup Chakrabarti, PagerDuty - DevOpsDays Tel Aviv ...
Who Watches the Watchmen - Arup Chakrabarti, PagerDuty - DevOpsDays Tel Aviv ...DevOpsDays Tel Aviv
 
12 Days of Coding Errors
12 Days of Coding Errors12 Days of Coding Errors
12 Days of Coding ErrorsErika Barron
 
Serverless computing henry been - logging instrumentation dashboards alerts
Serverless computing henry been - logging instrumentation dashboards alertsServerless computing henry been - logging instrumentation dashboards alerts
Serverless computing henry been - logging instrumentation dashboards alertsHenry Been
 
Neptune : Re-thinking Incident Response Automation
Neptune : Re-thinking Incident Response Automation Neptune : Re-thinking Incident Response Automation
Neptune : Re-thinking Incident Response Automation Kiran Gollu
 
Security Insights at Scale
Security Insights at ScaleSecurity Insights at Scale
Security Insights at ScaleRaffael Marty
 
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't ChangedAI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't ChangedRaffael Marty
 

Recommandé

Developing a New Affordable DC Motor Laboratory Kit for an Existing Undergrad...
Developing a New Affordable DC Motor Laboratory Kit for an Existing Undergrad...Developing a New Affordable DC Motor Laboratory Kit for an Existing Undergrad...
Developing a New Affordable DC Motor Laboratory Kit for an Existing Undergrad...Rebecca Reck
 
Reduce Test Automation Execution Time by 80%
Reduce Test Automation Execution Time by 80%Reduce Test Automation Execution Time by 80%
Reduce Test Automation Execution Time by 80%TechWell
 
Who Watches the Watchmen - Arup Chakrabarti, PagerDuty - DevOpsDays Tel Aviv ...
Who Watches the Watchmen - Arup Chakrabarti, PagerDuty - DevOpsDays Tel Aviv ...Who Watches the Watchmen - Arup Chakrabarti, PagerDuty - DevOpsDays Tel Aviv ...
Who Watches the Watchmen - Arup Chakrabarti, PagerDuty - DevOpsDays Tel Aviv ...DevOpsDays Tel Aviv
 
12 Days of Coding Errors
12 Days of Coding Errors12 Days of Coding Errors
12 Days of Coding ErrorsErika Barron
 
Serverless computing henry been - logging instrumentation dashboards alerts
Serverless computing henry been - logging instrumentation dashboards alertsServerless computing henry been - logging instrumentation dashboards alerts
Serverless computing henry been - logging instrumentation dashboards alertsHenry Been
 
Neptune : Re-thinking Incident Response Automation
Neptune : Re-thinking Incident Response Automation Neptune : Re-thinking Incident Response Automation
Neptune : Re-thinking Incident Response Automation Kiran Gollu
 
Security Insights at Scale
Security Insights at ScaleSecurity Insights at Scale
Security Insights at ScaleRaffael Marty
 
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't ChangedAI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't ChangedRaffael Marty
 
So you-want-to-go-faster
So you-want-to-go-fasterSo you-want-to-go-faster
So you-want-to-go-fasterOoblioob
 
HP ArcSight & Ayehu eyeShare - Security Automation
HP ArcSight & Ayehu eyeShare - Security AutomationHP ArcSight & Ayehu eyeShare - Security Automation
HP ArcSight & Ayehu eyeShare - Security Automationcohen88or
 
PuppetConf 2016: Site Launch Automation: From Days to Minutes – Kristen Crawf...
PuppetConf 2016: Site Launch Automation: From Days to Minutes – Kristen Crawf...PuppetConf 2016: Site Launch Automation: From Days to Minutes – Kristen Crawf...
PuppetConf 2016: Site Launch Automation: From Days to Minutes – Kristen Crawf...Puppet
 
Moving to Continuous Delivery without breaking everything
Moving to Continuous Delivery without breaking everythingMoving to Continuous Delivery without breaking everything
Moving to Continuous Delivery without breaking everythingXebiaLabs
 
Measuring IPv6 using ad-based measurement
Measuring IPv6 using ad-based measurementMeasuring IPv6 using ad-based measurement
Measuring IPv6 using ad-based measurementAPNIC
 
Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSavvius, Inc
 
API Training 10 Nov 2014
API Training 10 Nov 2014API Training 10 Nov 2014
API Training 10 Nov 2014Digital Bond
 
Super chargeyourcontiniousintegrationdeployments
Super chargeyourcontiniousintegrationdeploymentsSuper chargeyourcontiniousintegrationdeployments
Super chargeyourcontiniousintegrationdeploymentsNikola Gotsev
 
Supercharge Your Continuous Integration Deployments
Supercharge Your Continuous Integration DeploymentsSupercharge Your Continuous Integration Deployments
Supercharge Your Continuous Integration DeploymentsNikola Gotsev
 
Owasp joy of proactive security
Owasp joy of proactive securityOwasp joy of proactive security
Owasp joy of proactive securityScott Behrens
 
Monitoring - When To start (or Metrics led development)
Monitoring - When To start (or Metrics led development)Monitoring - When To start (or Metrics led development)
Monitoring - When To start (or Metrics led development)Assaf Flatto
 
DjangoCon 2013 - How to Write Fast and Efficient Unit Tests in Django
DjangoCon 2013 - How to Write Fast and Efficient Unit Tests in DjangoDjangoCon 2013 - How to Write Fast and Efficient Unit Tests in Django
DjangoCon 2013 - How to Write Fast and Efficient Unit Tests in DjangoCasey Kinsey
 
Afcom how to move a data center
Afcom how to move a data centerAfcom how to move a data center
Afcom how to move a data centerRich Casselberry
 
Container Networking Challenges for Production Readiness
Container Networking Challenges for Production ReadinessContainer Networking Challenges for Production Readiness
Container Networking Challenges for Production ReadinessVipin Jain
 
Production Challenges for Container Networking
Production Challenges for Container NetworkingProduction Challenges for Container Networking
Production Challenges for Container NetworkingVipin Jain
 
Moving to Continuous Delivery Without Breaking Your Code
Moving to Continuous Delivery Without Breaking Your CodeMoving to Continuous Delivery Without Breaking Your Code
Moving to Continuous Delivery Without Breaking Your CodeXebiaLabs
 
The Joy of Proactive Security
The Joy of Proactive SecurityThe Joy of Proactive Security
The Joy of Proactive SecurityAndy Hoernecke
 
Monitoring Servers, With a Little Help from my Bots
Monitoring Servers, With a Little Help from my BotsMonitoring Servers, With a Little Help from my Bots
Monitoring Servers, With a Little Help from my BotsTakashi Yamanoue
 
Bhutan Cybersecurity Week 2021: APNIC vulnerability reporting program
Bhutan Cybersecurity Week 2021: APNIC vulnerability reporting programBhutan Cybersecurity Week 2021: APNIC vulnerability reporting program
Bhutan Cybersecurity Week 2021: APNIC vulnerability reporting programAPNIC
 
Continuously Integrating Puppet
Continuously Integrating PuppetContinuously Integrating Puppet
Continuously Integrating PuppetPuppet
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 

Contenu connexe

Similaire à ArcSight & RSA ECAT Integration - By We-Ankor & Or Cohen

So you-want-to-go-faster
So you-want-to-go-fasterSo you-want-to-go-faster
So you-want-to-go-fasterOoblioob
 
HP ArcSight & Ayehu eyeShare - Security Automation
HP ArcSight & Ayehu eyeShare - Security AutomationHP ArcSight & Ayehu eyeShare - Security Automation
HP ArcSight & Ayehu eyeShare - Security Automationcohen88or
 
PuppetConf 2016: Site Launch Automation: From Days to Minutes – Kristen Crawf...
PuppetConf 2016: Site Launch Automation: From Days to Minutes – Kristen Crawf...PuppetConf 2016: Site Launch Automation: From Days to Minutes – Kristen Crawf...
PuppetConf 2016: Site Launch Automation: From Days to Minutes – Kristen Crawf...Puppet
 
Moving to Continuous Delivery without breaking everything
Moving to Continuous Delivery without breaking everythingMoving to Continuous Delivery without breaking everything
Moving to Continuous Delivery without breaking everythingXebiaLabs
 
Measuring IPv6 using ad-based measurement
Measuring IPv6 using ad-based measurementMeasuring IPv6 using ad-based measurement
Measuring IPv6 using ad-based measurementAPNIC
 
Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSavvius, Inc
 
API Training 10 Nov 2014
API Training 10 Nov 2014API Training 10 Nov 2014
API Training 10 Nov 2014Digital Bond
 
Super chargeyourcontiniousintegrationdeployments
Super chargeyourcontiniousintegrationdeploymentsSuper chargeyourcontiniousintegrationdeployments
Super chargeyourcontiniousintegrationdeploymentsNikola Gotsev
 
Supercharge Your Continuous Integration Deployments
Supercharge Your Continuous Integration DeploymentsSupercharge Your Continuous Integration Deployments
Supercharge Your Continuous Integration DeploymentsNikola Gotsev
 
Owasp joy of proactive security
Owasp joy of proactive securityOwasp joy of proactive security
Owasp joy of proactive securityScott Behrens
 
Monitoring - When To start (or Metrics led development)
Monitoring - When To start (or Metrics led development)Monitoring - When To start (or Metrics led development)
Monitoring - When To start (or Metrics led development)Assaf Flatto
 
DjangoCon 2013 - How to Write Fast and Efficient Unit Tests in Django
DjangoCon 2013 - How to Write Fast and Efficient Unit Tests in DjangoDjangoCon 2013 - How to Write Fast and Efficient Unit Tests in Django
DjangoCon 2013 - How to Write Fast and Efficient Unit Tests in DjangoCasey Kinsey
 
Afcom how to move a data center
Afcom how to move a data centerAfcom how to move a data center
Afcom how to move a data centerRich Casselberry
 
Container Networking Challenges for Production Readiness
Container Networking Challenges for Production ReadinessContainer Networking Challenges for Production Readiness
Container Networking Challenges for Production ReadinessVipin Jain
 
Production Challenges for Container Networking
Production Challenges for Container NetworkingProduction Challenges for Container Networking
Production Challenges for Container NetworkingVipin Jain
 
Moving to Continuous Delivery Without Breaking Your Code
Moving to Continuous Delivery Without Breaking Your CodeMoving to Continuous Delivery Without Breaking Your Code
Moving to Continuous Delivery Without Breaking Your CodeXebiaLabs
 
The Joy of Proactive Security
The Joy of Proactive SecurityThe Joy of Proactive Security
The Joy of Proactive SecurityAndy Hoernecke
 
Monitoring Servers, With a Little Help from my Bots
Monitoring Servers, With a Little Help from my BotsMonitoring Servers, With a Little Help from my Bots
Monitoring Servers, With a Little Help from my BotsTakashi Yamanoue
 
Bhutan Cybersecurity Week 2021: APNIC vulnerability reporting program
Bhutan Cybersecurity Week 2021: APNIC vulnerability reporting programBhutan Cybersecurity Week 2021: APNIC vulnerability reporting program
Bhutan Cybersecurity Week 2021: APNIC vulnerability reporting programAPNIC
 
Continuously Integrating Puppet
Continuously Integrating PuppetContinuously Integrating Puppet
Continuously Integrating PuppetPuppet
 

Similaire à ArcSight & RSA ECAT Integration - By We-Ankor & Or Cohen (20)

So you-want-to-go-faster
So you-want-to-go-fasterSo you-want-to-go-faster
So you-want-to-go-faster
 
HP ArcSight & Ayehu eyeShare - Security Automation
HP ArcSight & Ayehu eyeShare - Security AutomationHP ArcSight & Ayehu eyeShare - Security Automation
HP ArcSight & Ayehu eyeShare - Security Automation
 
PuppetConf 2016: Site Launch Automation: From Days to Minutes – Kristen Crawf...
PuppetConf 2016: Site Launch Automation: From Days to Minutes – Kristen Crawf...PuppetConf 2016: Site Launch Automation: From Days to Minutes – Kristen Crawf...
PuppetConf 2016: Site Launch Automation: From Days to Minutes – Kristen Crawf...
 
Moving to Continuous Delivery without breaking everything
Moving to Continuous Delivery without breaking everythingMoving to Continuous Delivery without breaking everything
Moving to Continuous Delivery without breaking everything
 
Measuring IPv6 using ad-based measurement
Measuring IPv6 using ad-based measurementMeasuring IPv6 using ad-based measurement
Measuring IPv6 using ad-based measurement
 
Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network Attacks
 
API Training 10 Nov 2014
API Training 10 Nov 2014API Training 10 Nov 2014
API Training 10 Nov 2014
 
Super chargeyourcontiniousintegrationdeployments
Super chargeyourcontiniousintegrationdeploymentsSuper chargeyourcontiniousintegrationdeployments
Super chargeyourcontiniousintegrationdeployments
 
Supercharge Your Continuous Integration Deployments
Supercharge Your Continuous Integration DeploymentsSupercharge Your Continuous Integration Deployments
Supercharge Your Continuous Integration Deployments
 
Owasp joy of proactive security
Owasp joy of proactive securityOwasp joy of proactive security
Owasp joy of proactive security
 
Monitoring - When To start (or Metrics led development)
Monitoring - When To start (or Metrics led development)Monitoring - When To start (or Metrics led development)
Monitoring - When To start (or Metrics led development)
 
DjangoCon 2013 - How to Write Fast and Efficient Unit Tests in Django
DjangoCon 2013 - How to Write Fast and Efficient Unit Tests in DjangoDjangoCon 2013 - How to Write Fast and Efficient Unit Tests in Django
DjangoCon 2013 - How to Write Fast and Efficient Unit Tests in Django
 
Afcom how to move a data center
Afcom how to move a data centerAfcom how to move a data center
Afcom how to move a data center
 
Container Networking Challenges for Production Readiness
Container Networking Challenges for Production ReadinessContainer Networking Challenges for Production Readiness
Container Networking Challenges for Production Readiness
 
Production Challenges for Container Networking
Production Challenges for Container NetworkingProduction Challenges for Container Networking
Production Challenges for Container Networking
 
Moving to Continuous Delivery Without Breaking Your Code
Moving to Continuous Delivery Without Breaking Your CodeMoving to Continuous Delivery Without Breaking Your Code
Moving to Continuous Delivery Without Breaking Your Code
 
The Joy of Proactive Security
The Joy of Proactive SecurityThe Joy of Proactive Security
The Joy of Proactive Security
 
Monitoring Servers, With a Little Help from my Bots
Monitoring Servers, With a Little Help from my BotsMonitoring Servers, With a Little Help from my Bots
Monitoring Servers, With a Little Help from my Bots
 
Bhutan Cybersecurity Week 2021: APNIC vulnerability reporting program
Bhutan Cybersecurity Week 2021: APNIC vulnerability reporting programBhutan Cybersecurity Week 2021: APNIC vulnerability reporting program
Bhutan Cybersecurity Week 2021: APNIC vulnerability reporting program
 
Continuously Integrating Puppet
Continuously Integrating PuppetContinuously Integrating Puppet
Continuously Integrating Puppet
 

Dernier

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 

Dernier (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

ArcSight & RSA ECAT Integration - By We-Ankor & Or Cohen

  • 1. Or Cohen – We Ankor 2014 or@we-can.co.il
  • 2. Saturday, May 17, 2014 slide 2 • Many daily alerts, even after advanced aggregation and correlation. • Investigating a server/workstation is not always possible due to lack of physical access, tools, time or knowledge. • Just starting an investigation may take hours or even days – long after the initial alert was triggered. • Relevant evidence are hard to collect and analyze.
  • 3. • Start an investigation for every single alert within seconds. • Get to every host in the network regardless of physical location. • Collect and analyze relevant evidence. • Get actionable and refined data from the investigated host ASAP. Saturday, May 17, 2014 slide 3
  • 4. • Automatically deploy (and remove) ECAT agents across the network. • Automatically scan hosts with multiple scan configurations. • Automatically collect scan results from ECAT with full analysis data. • Automatically react to the presence of a suspicious module. Saturday, May 17, 2014 slide 4
  • 5. Saturday, May 17, 2014 slide 5 Now what?
  • 6. Saturday, May 17, 2014 slide 6 Install ECAT Agent OnWS87771
  • 7. Saturday, May 17, 2014 slide 6
  • 8. Saturday, May 17, 2014 slide 6
  • 9. Saturday, May 17, 2014 slide 6 Module Name: 6re1fyeg1109.exe Module Path: C:$Recycle.BinS-1-5-21-1844237615-1604221776- 725345543-151746re1fyeg1109.exe MD5: A87480D346E943491EE107CDB90D2860 Host Name: WS8771 Host IP: 10.2.34.123 Bytes In: 3211 Bytes Out: 7651819 Target IP: 27.1.34.79 Target Host: superEvil.info Target Port: 21 OPSWAT Verdict: Clean YARA Verdict: Infected - super_evil_malware_group Certificate Status: Not Singed HASH Lookup: Unknown S.L: 49 Comment:Found Infected on 19/05/2014 by: super_evil_malware_group
  • 10. Saturday, May 17, 2014 slide 6 Module Name: 6re1fyeg1109.exe MD5: A87480D346E943491EE107CDB90D2860
  • 11. Saturday, May 17, 2014 slide 6 Module Name: 6re1fyeg1109.exe MD5: A87480D346E943491EE107CDB90D2860 WS8291 WS8101 WS2151 iexplore.exe svchost.exe tempp.exe
  • 12. Saturday, May 17, 2014 slide 6 WS8291 WS8101 WS2151 Module Name: 6re1fyeg1109.exe MD5: A87480D346E943491EE107CDB90D2860
  • 13. Saturday, May 17, 2014 slide 6 AVVendor Module Name: 6re1fyeg1109.exe MD5: A87480D346E943491EE107CDB90D2860
  • 14. Or Cohen – We Ankor 2014