F5 BIG-IP critical vulnerability

Detect F5 BIG-IP Critical Vulnerability Exploitation Attempt with Free Sigma Detection Rule

  To apply this detection rule, you can convert it to your SIEM language. It is also recommended to update BIG-IP to the latest version. More information available here.  You can also detect CMSTP.exe with INF files infected with malicious commands with our previous free Splunk detection rule.   Secure Your Organization’s Mind with Securemind.se

block indicators

Detect Indicator Blocking with these free splunk Detection Rules

An adversary may attempt to block indicators or events typically captured by sensors from being gathered and analyzed. This could include maliciously redirecting or even disabling host-based sensors, such as Event Tracing for Windows (ETW), by tampering settings that control the collection and flow of event telemetry.  These settings may be stored on the system in configuration files…

File and Directory Permissions threat hunting

Detect File and Directory Permissions Modification with this free Splunk Detection Rule

File and directory permissions are commonly managed by discretionary access control lists (DACLs) specified by the file or directory owner. File and directory DACL implementations may vary by platform, but generally they are explicitly designated so that users/groups can perform actions ie.read, write, execute, etc. Adversaries may modify file or directory permissions/attributes to evade intended…

decode files threat hunting

Detect Deobfuscate/Decode Files or Information with this free Splunk Detection Rule

Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from the analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware, Scripting, PowerShell, or by using utilities present on the system. One…