Identifying PowerShell Tunneling Through ICMP
Hackers are constantly looking for ways to bypass traditional network defenses, and exploiting the Internet Control Message Protocol (ICMP) as a covert channel for a reverse shell is a commonly used attack method. However, you can use LogRhythm’s NetMon…
July 26, 2017
Analyzing ICMP Traffic with NetMon
The Internet Control Message Protocol (ICMP) is one of the foundational internet protocols that define how systems talk to each other. Commands such as ping and traceroute are supported by ICMP. Based on request for comments (RFC) 792, ICMP has…
July 26, 2017
Northampton County Improves Visibility and Automation with LogRhythm
LogRhythm Enhances Efficiency by Streamlining Security Operations
Bob Mace, senior information security analyst, leads a small IT team to manage and secure Northampton County’s IT infrastructure. As the team faced mounting challenges and time-consuming manual processes, Mace turned to LogRhythm.…
July 20, 2017
Automate Project Management with SmartResponse
The SIEM is a great central aggregator for case data and analytics, but it can also give your team back valuable time if you take advantage of automation. The more automation you can build into a SIEM, the…
July 20, 2017
Using the Internet of Things and SmartResponse to Receive SIEM Alarms
Wouldn’t it be great if you could be notified of SIEM alarms through the Internet of Things (IoT)? Well, now you can! Introducing the Philips Hue SmartResponse™ and PowerShell script. Imagine that your analysts are busy working on other things,…
July 6, 2017
Using LogRhythm to Support Preventative Cybersecurity Strategies
Preventing WannaCry and Petya / NotPetya Attacks
Following the devastating WannaCry malware attack, the Petya / NotPetya wiper outbreak once again highlighted the necessity of having a proper defense-in-depth strategy in place. Defense in depth demands an organization…
July 6, 2017