COVID-19 Security Package from SOC Prime is the set of search queries to detect the most active attacks that were detected during the COVID-19 specific phishing and other threats brought on by increased teleworking.
Rules in the package cover 6 MITRE ATT&CK Techniques:
Rules contributed by Florian Roth, SOC Prime team, @blu3_team, Markus Neis, Daniel Bohannon, Roberto Rodriguez
More details about coronavirus phishing campaign and attacks https://socprime.com/en/blog/covid-19-coronavirus-phishing/
Suggested for you are based on app category, product compatibility, popularity, rating and newness. Some apps may not show based on entitlements. Learn more about entitlements.
Ergon Informatik AG
Inside the file, you will find a bunch of search queries to detect threats. Just copy and paste it to Event search in the ArcSight ESM Command Center or Logger.
Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox