Thursday, January 18, 2018

Communication to a known Bot C&C Server

Description: Communication to a known Bot Command and Control
Destination: 163.172.81.35

 Where the list came from?
root@qradar# cat /opt/qradar/conf/remotenet.conf | grep IP_Address



at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

QRadar SIEM - Create a rule for Malware domain detection

In the previous post, I already created a Reference set for Malware domain. This time, we will create a rule when one of the malware domain...

  • WinCollect - Agent Status
    The Status Server is responsible for forwarding messages related to Agent status to QRadar. These LEEF messages can be easily viewed from th...