1. Download the list of malware domains here: malware list
2. Create a new Reference set.
Name: Malware Domain List
Type: AlphaNumeric
3. Export the list into the QRadar reference set.
Admin > System Configuration > Reference Set Management
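Before step 3, the downloaded list usually needs cleaning so that each entry is a bare domain. The script below is an added example, not part of the original post: it assumes the feed is plain text in hosts-file or one-domain-per-line form (the real list's format is not shown here), and the function names and sample data are constructed for illustration.

```python
import re

# Constructed sample input; the format of the real list is an assumption.
SAMPLE_FEED = """\
# constructed sample, not a real feed
127.0.0.1  Bad-Domain.example
0.0.0.0 c2.example.net  # inline comment
tracker.example.org
tracker.example.org
http://malicious.example.com/path/x.exe
localhost
not a domain!!
"""

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")   # one DNS label
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def extract_domain(line):
    """Return the normalized domain found on one feed line, or None."""
    line = line.split("#", 1)[0].strip()               # drop comments
    if not line:
        return None
    token = line.split()[-1]                           # hosts format: "<ip> <domain>"
    token = re.sub(r"^[a-z][a-z0-9+.-]*://", "", token, flags=re.I)
    token = token.split("/", 1)[0].split(":", 1)[0]    # strip path and port
    # AlphaNumeric sets compare case-sensitively, so store lowercase only.
    token = token.lower().rstrip(".")
    if IPV4.match(token) or "." not in token or len(token) > 253:
        return None
    if not all(LABEL.match(part) for part in token.split(".")):
        return None
    return token

def build_reference_set_lines(feed_text):
    """Deduplicate while keeping feed order; one value per output line."""
    seen, out = set(), []
    for raw in feed_text.splitlines():
        domain = extract_domain(raw)
        if domain and domain not in seen:
            seen.add(domain)
            out.append(domain)
    return out

if __name__ == "__main__":
    print("\n".join(build_reference_set_lines(SAMPLE_FEED)))
```

Because the stored values are lowercase, the rule that tests events against the set should compare a lowercased domain as well.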