jolin wong Posted August 25, 2018 Posted August 25, 2018 in my previous company, we use arcsight siem, so malware ticket is generated after siem get log from various resouce, in the log we can see malware name (for example name of *.exe, *.pdf, *.doc file), also malware can be downloaded from siem, my current company facing a problem, the arcsight siem can't sow malware name, also attachment does not have malware executable file. it is very difficult to analyze malware, is there anything need to be configured from siem, so malware name will appear and dowloadable. or we have to set up a ftp folder for user to upload the suspected exe file, then we analyze from there?
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now