...
This content pack is a bundle of out-of-the-box detections that offer quick coverage of alerts using Devo’s Security Operations application’s power but without the need to have the Security Operations application installed.
Firewalls are one of the last bastions of defense for your company, and any firewall that gets compromised can lead to an open highway for attackers to use to gain entry into your environment. In order to ensure a more comprehensive security outlook, Devo’s detections provide the extra assurance that any crack in the wall is made known to your SOC and your company. Download this alert pack to instantly provide the coverage your company is missing.
Included alerts
| ||||
SecOpsHAFNIUMNetworkActivityTargetingExchangeServers | SecOpsFWTrafficOnUnassignedLowPort | SecOpsFWSigred | ||
SecOpsRevilKaseyaNetworkActivity | SecOpsFWPortScanInternalSource | SecOpsLog4ShellVulnOverFirewallTrafficConnections | ||
SecOpsFWTrafficForeignDestination | SecOpsFWExcessFirewallDenies | SecOpsFWRDPExternalAccess | ||
SecOpsFWEmbargoedCountryOutboundTrafficDetected | SecOpsFWExcessFirewallDeniesOutbound | SecOpsFWSMBInternalScanningDetected | ||
SecOpsFWSMBInboundScanningDetected | SecOpsFWExternalSMBTrafficDetectedFirewall | SecOpsFWIrcTrafficExternalDestination | ||
SecOpsFWIpScanExternal | SecOpsFWIcmpExcessivePackets | SecOpsFWPortScanExternalSource | ||
SecOpsFWIpScanInternal | SecOpsFWRdpTrafficUnauthorized | SecOpsAnonymousConnection | ||
SecOpsFWSMBTrafficOutbound | SecOpsFWEmbargoedCountryInboundTrafficDetected | SecOpsVNCPortOpen | ||
SecOpsFWPortSweepInternalSource |
|
| ||
Prerequisites
To use this alert pack, you must have the following data source available on your domain:
...