Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Purpose

Detect malicious findings from IDS systems.

Included alerts

SecOpsBroHttpRequestSingleHeader

SecOpsBroRdpBruteForceSuccessHydraNcrack

SecOpsBroSelfSignedCert

SecOpsBroSmbFirstSeenShare

SecOpsBroSshInteresingHostNameLogin

SecOpsBroWinDceRpcSamrEnumeration

SecOpsBroWinLsatUserEnumeration

SecOpsBroWinDceRpceServiceCall

To use this alert pack, you must have the following data sources available on your domain:

  • ids.bro.*

Open alert pack 

Once you have installed the desired alerts individually, you can use the Open button at the top right of the card in Exchange to access the Alert configuration, where you can apply filters to find them and later manage them as required. You can also access this area via the Navigation pane (AdministrationAlert ConfigurationAvailable alerts).

Use alert pack 

The alerts installed are deactivated by default. Access the Alert configuration area to activate those you need and assign sending policies to receive them through the desired channels.

  • No labels