User Account

All Pages

Data exfiltration by cloud services

Assignment Help Basic Computer Science
Reference no: EM133214217

Need Suggestions to Improve or make any Changes to the IBM Q Radar Rules with detailed  explanations:

Please do not mix all the rules. Need Separate explanation for each of all.

Rule 1: Apply UBA : Data Exfiltration by Cloud Services on events which are detected by the Local system
and when an event matches all of the following BB:UBA : Common Event Filters, BB:UBA : File Transfer to Cloud services

Rule 2: Apply UBA : Large Outbound Transfer by High Risk User on events which are detected by the Local system
and when an event matches all of the following BB:UBA : Common Event Filters
and when any of Username are contained in any of UBA : High Risk Users - AlphaNumeric (Ignore Case)
and when the event matches Bytes Sent (custom) is greater than or equal to 200,000

Rule 3: Apply UBA : User Geography Change on events which are detected by the Local system
and when an event matches all of the following BB:UBA : Common Event Filters, BB:UBA : Excluded Geographic Locations, Incoming Traffic to High Risk Countries
and when any of Username are contained in any of UBA : User Geography Change - AlphaNumeric (Ignore Case)
and NOT when any of Username is the key and any of Source Geographic Country/Region is the value in any of UBA : Users Last Country - AlphaNumeric (Ignore Case)

Rule 4: Apply UBA : User Access from Multiple Locations on events which are detected by the Local system
and when an event matches all of the following BB:UBA : Common Event Filters, BB:UBA : Excluded Geographic Locations
and when at least 2 events are seen with the same Username and different Source Geographic Country/Region in 15 minutes

Rule 5: Apply UBA : User Access from Unusual Locations on events which are detected by the Local system
and when an event matches all of the following BB:UBA : Common Event Filters, BB:UBA : Excluded Geographic Locations, BB:UBA : Unusual Source Locations

Rule 6: Apply UBA : Detect IOCs For Locky on events which are detected by the Local system
and when an event matches any of the following BB:UBA : Common Log Source Filters
and when an event matches any of the following BB:UBA : Detect Locky Using IP, BB:UBA : Detect Locky Using URL

Rule 7: Apply UBA : Detect IOCs for WannaCry on events which are detected by the Local system
and when an event matches any of the following BB:UBA : Common Log Source Filters
and when an event matches any of the following BB:UBA : Detect WannaCry Using Hashes, BB:UBA : Detect WannaCry Using IP, BB:UBA : Detect WannaCry Using URL

Reference no: EM133214217

Questions Cloud

Hiding the social security number information : 1. Open ExcelTest.xls Workbook 2. Create 3 New Worksheets called: Manage, Formula, Pivot
Review plan to consult with the team via email : Review the below scenario and answer the tasks. Peter has asked Bob to review his plan to consult with the team via email.
Determine the appropriate fixes by testing hypotheses : As an IT support specialist at a help desk for a large company. Recently, the company created a knowledge base that IT support specialists can refer to when a u
Review the organisations policies : Review your organisation's policies and procedures for completing an intake interview for clients.
Data exfiltration by cloud services : Rule 1-Apply UBA-Data Exfiltration by Cloud Services on events which are detected by the Local system
Fundamental design of a network : The discussion assignment for this week will be about the fundamental design of a network and the problems associated with requirements definition for networks.
Fundamental design of a network : The discussion assignment for this week will be about the fundamental design of a network and the problems associated with requirements definition for networks.
Discuss the various types of security controls : Discuss the various types of security controls, how they relate to the security controls specified in the reading for NIST SP-800-53A, and how their implementat
Discuss the differences between standards : Discuss the differences between standards, policies, and guidelines

Reviews

Write a Review

Basic Computer Science Questions & Answers

  Identifies the cost of computer

identifies the cost of computer components to configure a computer system (including all peripheral devices where needed) for use in one of the following four situations:

  Input devices

Compare how the gestures data is generated and represented for interpretation in each of the following input devices. In your comparison, consider the data formats (radio waves, electrical signal, sound, etc.), device drivers, operating systems suppo..

  Cores on computer systems

Assignment : Cores on Computer Systems:  Differentiate between multiprocessor systems and many-core systems in terms of power efficiency, cost benefit analysis, instructions processing efficiency, and packaging form factors.

  Prepare an annual budget in an excel spreadsheet

Prepare working solutions in Excel that will manage the annual budget

  Write a research paper in relation to a software design

Research paper in relation to a Software Design related topic

  Describe the forest, domain, ou, and trust configuration

Describe the forest, domain, OU, and trust configuration for Bluesky. Include a chart or diagram of the current configuration. Currently Bluesky has a single domain and default OU structure.

  Construct a truth table for the boolean expression

Construct a truth table for the Boolean expressions ABC + A'B'C' ABC + AB'C' + A'B'C' A(BC' + B'C)

  Evaluate the cost of materials

Evaluate the cost of materials

  The marie simulator

Depending on how comfortable you are with using the MARIE simulator after reading

  What is the main advantage of using master pages

What is the main advantage of using master pages. Explain the purpose and advantage of using styles.

  Describe the three fundamental models of distributed systems

Explain the two approaches to packet delivery by the network layer in Distributed Systems. Describe the three fundamental models of Distributed Systems

  Distinguish between caching and buffering

Distinguish between caching and buffering The failure model defines the ways in which failure may occur in order to provide an understanding of the effects of failure. Give one type of failure with a brief description of the failure

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd