Threat Detection

Loginsoft Threat Detection rules provide visibility for enterprises to quickly identify attacks or attack attempts, allowing SOC analysts and first incident responders to easily prioritize events and automate further investigations. Upon diligent research, we provide threat detection patterns for all known exploits of widely used components/software. The following are a few components for which we were able to generate detection patterns.

| CVE | Component | Sigma | Splunk |
|---|---|---|---|
| CVE-2017-7529 | nginx | View | View |
| CVE-2013-4547 | nginx | View | View |
| CVE-2013-2028 | nginx | View | View |
| CVE-2010-2266 | nginx | View | View |
| CVE-2010-2263 | nginx | View | View |
| CVE-2009-4487 | nginx | View | View |
| CVE-2017-17215 | Huawei HG532 Router | View | View |
| CVE-2009-3898 | nginx | View | View |
| CVE-2018-16845 | nginx | View | View |
| CVE-2017-7659 | Apache-HTTPD | View | View |
| CVE-2017-12615 | Apache-HTTPD | View | View |
| CVE-2018-11759 | Apache-HTTPD | View | View |
| CVE-2019-10092 | Apache-HTTPD | View | View |
| CVE-2019-10097 | Apache-HTTPD | View | View |
| CVE-2019-10098 | Apache-HTTPD | View | View |
| CVE-2020-1927 | Apache-HTTPD | View | View |
| CVE-2020-5722 | Grandstream UCM6200 series | View | View |
| CVE-2017-15715 | HTTPD | View | View |
| CVE-2020-8515 | DrayTek Vigor Series | View | View |
| CVE-2015-1427 | Elasticsearch | View | View |
| MMVPower Video Digital Recorder | MMVPower Video Digital Recorder | View | View |
| CVE-2020-15348 | Zyxel CloudCNM SecuManager | View | View |
| Linksys E-series | Linksys E-series | View | View |
| Netlink_GPON_Router | Netlink_GPON_Router | View | View |
| NetGear_DVN_RCE | NetGear_DVN_RCE | View | View |
| CVE-2020-12443 | BigBlueButton | View | View |
| CVE-2020-12112 | BigBlueButton | View | View |
| CVE-2018-12613 | phpMyAdmin | View | View |
| CVE-2018-7490 | uWSGI | View | View |
| CVE-2016-10134 | Zabbix | View | View |
| CVE-2017-14849 | Node.js | View | View |

| Blog Title | Blog Description |
|---|---|
| A New Approach to Accelerate Threat Detection | This article explains the importance of early threat detection and illustrates in detail how a SIEM solution like Splunk can be useful in threat detection and incident response. |
| Threat Detection with SIGMA Rules | Incident Response is the action that you take to restore the ability to deliver organization business service |