Sunday, January 21, 2018

Qradar SIEM - Adding Malware Domain Reference Set

1. Download the list of malware domain here: malware list
2. Create a new Reference set.
    Name: Malware Domain List
    Type: AlphaNumeric
 
3. Export the list in Qradar reference set.
    Admin > System Configuration > Reference set management




at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

QRadar SIEM - Create a rule for Malware domain detection

In the previous post, I already created a Reference set for Malware domain. This time, we will create a rule when one of the malware domain...

  • WinCollect - Agent Status
    The Status Server is responsible for forwarding messages related to Agent status to QRadar. These LEEF messages can be easily viewed from th...
  • Sysmon
    System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system rebo...