Michael Sconzo

Threat Detection - Update (Jan 2017)

Blog Post created by Michael Sconzo Employee on Jan 25, 2017

If you didn't catch Saket's update about Log Parsers, be sure to look at all the improvements they made. Here's the January roll-up of the new detection capabilities added via Live.

Parsers

  • PVID
  • CustomTCP
  • Lua Mail Options file
  • rekaf
  • Cerber
  • Updates to the DynDNS parser

Feed Additions

  • Grizzly Steppe
  • Locky
  • Cerber
  • Schoolbell
  • Kingslayer
  • Tox Supernode

Reports

  • Added Tox traffic to the 'Encrypted Traffic' report