SIEM Correlation Feature and Performance

  • Too Many Different Destination Traffic
  • Too many DNS Queries
  • Too many failed login attempts
  • Too many users, server is full
  • More than 10 failed logins within 1 minute
  • Successful login detected after 10 failed login attempts within 10 minutes
  • Brute Force Attack Detected
  • Brute Force FTP Attack Detected
  • Brute Force Hosts Detected by Threat Intelligence Source
  • Brute Force MsSQL Attack Detected
  • Brute Force Oracle DB Attack Detected
  • Brute Force RDP Attack Detected
  • Brute Force VPN Attack Detected
  • Security Enable Global Group was changed
  • Security Enable Universal Group was changed
  • Security Enable Local Group was changed
  • User Created by Non Admin
  • Port Scan WAN
  • Dangerous Traffic Sent
  • Dangerous Traffic Received
  • Firewall Logon with Unknown Accounts
  • L2 MITM Detect Fake DHCP Sources
  • RDP Trace Same Source to Different Destinations
  • Firewall Configuration Added
  • Password Reset Attempted
  • Create user account and after user account has changed
  • Create user account and after logon failure
  • Zerologon Vulnerability (CVE-2020-1472)
  • A user account was unlocked
  • A user account was enabled
  • Login attempt with disabled account
  • A member added and join admin group
  • Remote DHCP Scanner
  • All Brute Force
  • Malicious Web Attack
  • Malicious Web Injection
  • Malicious Web SQL
  • UserDisable
  • PsExec Service Start
  • Detected By Threat Intelligence Feeds - Not Blocked By Firewall
  • User account deleted in short time after creation
  • A user account was locked out
  • VPN Login Inside





Ertugrul Akbas
Entrepreneur, Security Analyst, Research.