ArcSight: Use Case – Windows User Account Is Created
Summary: This rule watches for new user accounts created on Windows servers. It triggers when a user account is created on a Windows server. Goal: Identifying the new user...
ArcSight: Oracle DB – Useful Commands
Log in to sqlplus
To log in to sqlplus, SSH to the Oracle server as root and run the following commands:
root# su oracle
oracle$ sqlplus / as sysdba
Query – Explore ArcSight database
oracle$...
ArcSight: Oracle DB – Troubleshooting
ERROR: TNS-00584: Valid node checking configuration error This error occurs when there is an invalid or unreachable hostname in the TCP.INVITED_NODES list in the “sqlnet.ora” file...
QRadar: Importing a Trusted SSL Certificate via a PFX File
As QRadar needs both the public and the private key in clear-text format, follow the steps below to extract the keys from a PFX file: 1. The following command exports the private key and saves...
ArcSight: Manager – Troubleshooting
ERROR: java.sql.SQLException: Got minus one from a read call This error occurs when the connection from the manager to the database fails. To fix this error: 1. Check the status of the...
ArcSight: Use Case – Windows User Account Is Deleted
Summary: This rule watches for user accounts that are deleted on Windows servers. It triggers when a user account is deleted on a Windows server. Goal: Identifying the new user...
Supported Devices (Log Sources) by SIEM Vendors
Supported devices by HP/ArcSight: http://www.hpenterprisesecurity.com/collateral/HP_ArcSight_Supported_Products.pdf
Supported devices by IBM/QRadar: http://q1labs.com/products/supported-devices.aspx...
ArcSight: Data Migration – Logger to Logger
Logger to Logger Data Migration From time to time, I come across customers that have been using ArcSight Logger for a couple of months as a POC box, and once they make their decision to buy the Logger...
Case Insensitive Regular Expressions in QRadar
One of the questions that I get about QRadar is how to write a case insensitive regex. One of the common examples is to search for all variations of the word “administrator” in the username field....