Data exfiltration by cloud services

Reference no: EM133214217

Need suggestions to improve or make any changes to the following IBM QRadar rules, with detailed explanations:

Please do not mix all the rules together. I need a separate explanation for each of them.

Rule 1: Apply UBA : Data Exfiltration by Cloud Services on events which are detected by the Local system
and when an event matches all of the following BB:UBA : Common Event Filters, BB:UBA : File Transfer to Cloud services

Rule 2: Apply UBA : Large Outbound Transfer by High Risk User on events which are detected by the Local system
and when an event matches all of the following BB:UBA : Common Event Filters
and when any of Username are contained in any of UBA : High Risk Users - AlphaNumeric (Ignore Case)
and when the event matches Bytes Sent (custom) is greater than or equal to 200,000

Rule 3: Apply UBA : User Geography Change on events which are detected by the Local system
and when an event matches all of the following BB:UBA : Common Event Filters, BB:UBA : Excluded Geographic Locations, Incoming Traffic to High Risk Countries
and when any of Username are contained in any of UBA : User Geography Change - AlphaNumeric (Ignore Case)
and NOT when any of Username is the key and any of Source Geographic Country/Region is the value in any of UBA : Users Last Country - AlphaNumeric (Ignore Case)

Rule 4: Apply UBA : User Access from Multiple Locations on events which are detected by the Local system
and when an event matches all of the following BB:UBA : Common Event Filters, BB:UBA : Excluded Geographic Locations
and when at least 2 events are seen with the same Username and different Source Geographic Country/Region in 15 minutes

Rule 5: Apply UBA : User Access from Unusual Locations on events which are detected by the Local system
and when an event matches all of the following BB:UBA : Common Event Filters, BB:UBA : Excluded Geographic Locations, BB:UBA : Unusual Source Locations

Rule 6: Apply UBA : Detect IOCs For Locky on events which are detected by the Local system
and when an event matches any of the following BB:UBA : Common Log Source Filters
and when an event matches any of the following BB:UBA : Detect Locky Using IP, BB:UBA : Detect Locky Using URL

Rule 7: Apply UBA : Detect IOCs for WannaCry on events which are detected by the Local system
and when an event matches any of the following BB:UBA : Common Log Source Filters
and when an event matches any of the following BB:UBA : Detect WannaCry Using Hashes, BB:UBA : Detect WannaCry Using IP, BB:UBA : Detect WannaCry Using URL
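The following is an added illustration, not part of the question and not IBM's QRadar code: a small Python model of how Rules 2, 3 and 4 evaluate events. The sample events, the stand-ins for the UBA reference sets (High Risk Users, User Geography Change, Users Last Country) and the simplified building blocks (Common Event Filters, Excluded Geographic Locations) are all constructed assumptions, chosen so that the effect of the case-insensitive username match, the 200,000-byte threshold and the 15-minute window can be checked directly.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (assumed field names; not real QRadar payloads).
EVENTS = [
    {"ts": "2020-05-01T10:00:00", "user": "alice", "country": "DE", "bytes_sent": 250_000, "log_source": "Proxy"},
    {"ts": "2020-05-01T10:03:00", "user": "alice", "country": "DE", "bytes_sent": 1_200,   "log_source": "Proxy"},
    {"ts": "2020-05-01T10:05:00", "user": "Bob",   "country": "US", "bytes_sent": 300_000, "log_source": "Proxy"},
    {"ts": "2020-05-01T10:12:00", "user": "bob",   "country": "BR", "bytes_sent": 50,      "log_source": "VPN"},
    {"ts": "2020-05-01T11:30:00", "user": "carol", "country": "FR", "bytes_sent": 10,      "log_source": "VPN"},
    {"ts": "2020-05-01T11:40:00", "user": "carol", "country": "JP", "bytes_sent": 20,      "log_source": "VPN"},
    {"ts": "2020-05-01T12:00:00", "user": "dave",  "country": "US", "bytes_sent": 5,       "log_source": "VPN"},
    {"ts": "2020-05-01T12:20:00", "user": "dave",  "country": "CA", "bytes_sent": 5,       "log_source": "VPN"},
]

# Stand-ins for the UBA reference sets named in the rules (assumed contents).
HIGH_RISK_USERS = {"bob"}                  # UBA : High Risk Users (compared ignoring case)
GEOGRAPHY_CHANGE_USERS = {"alice", "bob"}  # UBA : User Geography Change
USERS_LAST_COUNTRY = {"alice": "DE", "bob": "US"}  # UBA : Users Last Country (key -> value)
EXCLUDED_COUNTRIES = set()                 # BB:UBA : Excluded Geographic Locations (empty here)
ALLOWED_LOG_SOURCES = {"Proxy", "VPN"}     # stand-in for BB:UBA : Common Event Filters
BYTES_THRESHOLD = 200_000                  # Rule 2: Bytes Sent >= 200,000
WINDOW = timedelta(minutes=15)             # Rule 4: "in 15 minutes"


def common_event_filters(ev):
    """Simplified BB:UBA : Common Event Filters: only events from the expected log sources."""
    return ev["log_source"] in ALLOWED_LOG_SOURCES


def not_excluded_location(ev):
    """Simplified BB:UBA : Excluded Geographic Locations: drop events from excluded countries."""
    return ev["country"] not in EXCLUDED_COUNTRIES


def rule2_large_outbound_high_risk(events):
    """Rule 2: high-risk user (case-insensitive) AND Bytes Sent >= threshold."""
    return [
        ev for ev in events
        if common_event_filters(ev)
        and ev["user"].lower() in HIGH_RISK_USERS
        and ev["bytes_sent"] >= BYTES_THRESHOLD
    ]


def rule3_user_geography_change(events):
    """Rule 3: user is in the geography-change set AND the event country is NOT the
    user's recorded last country (the 'NOT when ... key ... value' clause)."""
    hits = []
    for ev in events:
        if not (common_event_filters(ev) and not_excluded_location(ev)):
            continue
        user = ev["user"].lower()
        if user not in GEOGRAPHY_CHANGE_USERS:
            continue
        if USERS_LAST_COUNTRY.get(user) != ev["country"]:
            hits.append(ev)
    return hits


def rule4_multiple_locations(events, window=WINDOW):
    """Rule 4: at least 2 events with the same username but different countries
    inside a sliding window. Returns the event that completes the pair."""
    hits = []
    history = defaultdict(list)  # user -> [(timestamp, country), ...] within the window
    for ev in sorted(events, key=lambda e: e["ts"]):
        if not (common_event_filters(ev) and not_excluded_location(ev)):
            continue
        user = ev["user"].lower()
        now = datetime.fromisoformat(ev["ts"])
        # Expire history older than the window before comparing.
        history[user] = [(t, c) for t, c in history[user] if now - t <= window]
        if any(c != ev["country"] for _, c in history[user]):
            hits.append(ev)
        history[user].append((now, ev["country"]))
    return hits


if __name__ == "__main__":
    for name, fn in [("Rule 2", rule2_large_outbound_high_risk),
                     ("Rule 3", rule3_user_geography_change),
                     ("Rule 4", rule4_multiple_locations)]:
        print(name, [(e["user"], e["country"], e["bytes_sent"]) for e in fn(EVENTS)])
```

Running it shows why each clause matters: "Bob" matches Rule 2 only because the username comparison ignores case; alice sends 250,000 bytes but is not flagged because she is not in the high-risk set; dave's two countries are 20 minutes apart, so Rule 4 does not fire for him while carol's 10-minute change does.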





All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd