LogRhythm Labs - Tagged - Security Boulevard

Conducting an Information Security Risk Assessment Successfully

LogRhythm Labs
Management of risk is not a simple undertaking but is essential for enterprise governance and decision making. Whether a company is adopting an enterprise risk management framework (e.g., ISO 31000, COSO, or ...

Integrating SIEM Within Compliance Programs

LogRhythm Labs
At their core, information security and compliance seem like topics that should go hand in hand: InfoSec deals with the daily functions of identifying and responding to threats, while compliance includes responsibilities ...

Ransomware Detection and Mitigation Strategies in OT/ICS Environments

LogRhythm Labs
On 9 May 21, the Federal Bureau of Investigation (FBI) issued a statement regarding a network disruption at Colonial Pipeline, one of the largest fuel pipelines servicing the eastern United States. Following ...

A Guide to Detecting Microsoft Exchange Zero-Day Exploits

TL;DR: First and foremost, apply patches to the Exchange infrastructure. Assume compromise. It has been reported that the attackers carried out a mass compromise of 60,000+ Exchange Servers before patches became available, and ...

Windows Certificate Export: Detections Inspired by the SolarWinds Compromise

TL;DR: Methods to detect when a certificate is exported from a Windows system are discussed in detail below, using the audit log “Certificate Services Lifecycle Notifications” and collecting the log messages with ...

Telecommunication Security Use Cases

LogRhythm Labs
Attacks made against telcos and internet service providers (ISPs) have steadily risen. Distributed denial of service (DDoS) attackers launched an 11-day attack against a Chinese telco in 2017 — breaking the DDoS ...

How to Detect and Respond to SS7 Attacks — OT Telco Use Cases

LogRhythm Labs
In the telecom environment, the Signaling System No. 7 (SS7) protocol is crucial, especially in 2G networks. If you’re wondering how SS7 works, it is an international telecommunications standard used to ...

How to Detect and Search for SolarWinds IOCs in LogRhythm

LogRhythm Labs
LogRhythm Labs has gathered the indicators of compromise (IOCs) published by CISA, Volexity, and FireEye for the recent SolarWinds supply chain attack and made them available in a GitHub repository for ...

Threat Hunting Framework: Three Steps to Translate Threat Reports into Actionable Steps

Thanks to Sally Vincent and Dan Kaiser from the LogRhythm Labs team for developing the process and guiding content described in this post. Threat research can be an invaluable asset to security ...