
Events and Trends

Example 1:

Profiler profiler=new Profiler();
// Count HTTP and DNS events per source account, bucketed by hour, day of week, day and month
if (generalcorrelationobject1.getProtocol()=='HTTP')
    profiler.update("Profiler-10",generalcorrelationobject1.SourceAccount,"http_total",generalcorrelationobject1.getHour(),generalcorrelationobject1.getDayOfWeek(),generalcorrelationobject1.getDay(),generalcorrelationobject1.getMonth(),"SUM",1);
if (generalcorrelationobject1.getProtocol()=='DNS')
    profiler.update("Profiler-10",generalcorrelationobject1.SourceAccount,"dns_total",generalcorrelationobject1.getHour(),generalcorrelationobject1.getDayOfWeek(),generalcorrelationobject1.getDay(),generalcorrelationobject1.getMonth(),"SUM",1);

// Baseline helper signature: createweekdaybaseline(String pure_profile_name, int dayofweek, int lastnumberofweeks, String parameter)

ProfilerUtil pu=new ProfilerUtil();
// Look for a user whose HTTP-to-DNS protocol ratio is 300% more than the 95th percentile of the other users' ratios, computed over the last four weeks for the 4th day of week (Tuesday)
pu.percentile(95,300,"Profiler-10",5,4,"http_total","dns_total");

Example 2:

Profiler profiler=new Profiler();
// Sum the bytes received over HTTP per source machine, bucketed by hour, day of week, day and month
if (generalcorrelationobject1.getProtocol()=='HTTP')
    profiler.update("Profiler-HTTP",generalcorrelationobject1.SourceMachine,"http_size",generalcorrelationobject1.getHour(),generalcorrelationobject1.getDayOfWeek(),generalcorrelationobject1.getDay(),generalcorrelationobject1.getMonth(),"SUM", generalcorrelationobject1.getRCVD());
ProfilerUtil pu=new ProfilerUtil();
// Look for a user whose HTTP-to-DNS protocol ratio is 10% more than the 95th percentile of the other users' ratios, computed over the last four weeks for the 4th day of week (Tuesday)

Example 3:

Profiler profiler=new Profiler();
// Sum the requested URL length per source machine, bucketed by hour, day of week, day and month
if (generalcorrelationobject1.getProtocol()=='HTTP')
    profiler.update("Profiler-HTTP-Length",generalcorrelationobject1.SourceMachine,"http_length",generalcorrelationobject1.getHour(),generalcorrelationobject1.getDayOfWeek(),generalcorrelationobject1.getDay(),generalcorrelationobject1.getMonth(),"SUM", generalcorrelationobject1.getURL().length());
ProfilerUtil pu=new ProfilerUtil();
// Mean for the last 7 hours
result=pu.meanHourly("Profiler-HTTP-Length",7);

Example 4:

Profiler profiler=new Profiler();
// Count Snort alerts per source machine, bucketed by hour, day of week, day and month
if (generalcorrelationobject1.getLogSubType()=='Snort')
    profiler.update("Profiler-Snort",generalcorrelationobject1.SourceMachine,"snort",generalcorrelationobject1.getHour(),generalcorrelationobject1.getDayOfWeek(),generalcorrelationobject1.getDay(),generalcorrelationobject1.getMonth(),"SUM", 1);
ProfilerUtil pu=new ProfilerUtil();
// Mean for the last 7 hours
result=pu.meanHourly("Profiler-Snort",7);

Example 5:

Profiler profiler=new Profiler();
ProfilerUtil pu=new ProfilerUtil();
// Record successful logins as (account, machine) pairs, bucketed by hour, day of week, day and month
if (generalcorrelationobject1.getTAXONOMY()=='Informational.Authentication.Succeeded')
    profiler.update("Profiler-Login",generalcorrelationobject1.SourceAccount, generalcorrelationobject1.SourceMachine,generalcorrelationobject1.getHour(),generalcorrelationobject1.getDayOfWeek(),generalcorrelationobject1.getDay(),generalcorrelationobject1.getMonth(),"ADD", 1);
// Build the login baseline for the 7th day of week over the last four weeks
ConcurrentHashMap profile=pu.createweekdaybaselineAsMap("Profiler-Login",7,4,"Login");
CheckInList chk=new CheckInList();
// Notify when the current (account, machine) login pair matches the stored "log-term-logins" list
if (profile!=null)
    if(chk.isInList("log-term-logins","Login",generalcorrelationobject1.getSourceAccount(),generalcorrelationobject1.getSourceMachine()))
        chk.notify();
// Store the fresh baseline for the next evaluation
GlobalListManager.profiles.put("log-term-logins",profile);
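The rules above lean on two building blocks: a profiler that accumulates a parameter per key into calendar buckets, and a utility that turns those buckets into a weekday baseline, a percentile comparison across keys (Example 1) or a trailing hourly mean (Examples 3 and 4). The following is an added example, not SureLog code: a toy re-implementation of those two pieces in Python, run over constructed HTTP/DNS and URL-length events. The Profiler and method names only mirror the rule language; their signatures, the weekday numbering (Python's Monday=0, so Tuesday=1), the nearest-rank percentile, and the sample events are all assumptions of this example.

```python
"""Added example (not SureLog's code): a toy Profiler and the two ProfilerUtil-style
queries used in the rules above, run over constructed events. Method names and
signatures are my own; weekday numbers follow Python (Monday=0, Tuesday=1)."""
import math
from collections import defaultdict
from datetime import datetime, timedelta


class Profiler:
    """Counters keyed by (profile, key, parameter, hour bucket), like profiler.update()."""

    def __init__(self):
        self.buckets = defaultdict(float)

    def update(self, profile, key, parameter, ts, op, value):
        # "SUM" and "ADD" both accumulate, as in the rules; "MAX" keeps the peak.
        bucket = (profile, key, parameter, ts.replace(minute=0, second=0, microsecond=0))
        if op in ("SUM", "ADD"):
            self.buckets[bucket] += value
        elif op == "MAX":
            self.buckets[bucket] = max(self.buckets[bucket], value)
        else:
            raise ValueError(f"unknown op {op!r}")

    def weekday_baseline(self, profile, parameter, dayofweek, last_weeks, now):
        """Per-key total of `parameter` on `dayofweek` over the last `last_weeks`
        weeks (the createweekdaybaseline idea)."""
        start = now - timedelta(weeks=last_weeks)
        totals = defaultdict(float)
        for (p, key, param, hour), v in self.buckets.items():
            if ((p, param) == (profile, parameter) and hour.weekday() == dayofweek
                    and start <= hour <= now):
                totals[key] += v
        return dict(totals)

    def mean_hourly(self, profile, key, parameter, hours, now):
        """Mean of the last `hours` hourly buckets including the current hour;
        hours with no events count as 0 (the meanHourly idea)."""
        end = now.replace(minute=0, second=0, microsecond=0)
        window = [self.buckets.get((profile, key, parameter, end - timedelta(hours=i)), 0.0)
                  for i in range(hours)]
        return sum(window) / hours


def nearest_rank_percentile(values, pct):
    """Nearest-rank percentile of a non-empty list (pct=95 -> 95th percentile)."""
    ordered = sorted(values)
    return ordered[max(0, math.ceil(pct / 100 * len(ordered)) - 1)]


def ratio_outliers(profiler, profile, dayofweek, last_weeks, num_param, den_param,
                   pct, over_pct, now):
    """Keys whose num/den ratio exceeds the pct-th percentile of the other keys'
    ratios by more than over_pct percent (the pu.percentile idea from Example 1)."""
    num = profiler.weekday_baseline(profile, num_param, dayofweek, last_weeks, now)
    den = profiler.weekday_baseline(profile, den_param, dayofweek, last_weeks, now)
    ratios = {}
    for key in set(num) | set(den):
        n, d = num.get(key, 0.0), den.get(key, 0.0)
        # Numerator traffic with no denominator traffic is the most extreme ratio, not a crash.
        ratios[key] = n / d if d else (math.inf if n else 0.0)
    flagged = []
    for key, r in ratios.items():
        others = [v for k, v in ratios.items() if k != key]
        if not others:
            continue  # a single key has no population to compare against
        if r > nearest_rank_percentile(others, pct) * (1 + over_pct / 100):
            flagged.append(key)
    return sorted(flagged)


NOW = datetime(2023, 8, 22, 12, 0)  # constructed "current time": a Tuesday (weekday() == 1)


def build_sample_profiler():
    """Constructed events: four Tuesdays of per-account HTTP/DNS counts with one
    outlier, plus ten hours of URL-length sums for one machine."""
    p = Profiler()
    for weeks_ago in range(4):
        day = NOW - timedelta(weeks=weeks_ago)
        for account in ("alice", "bob", "carol", "dave"):
            p.update("Profiler-10", account, "http_total", day, "SUM", 10)
            p.update("Profiler-10", account, "dns_total", day, "SUM", 10)
        p.update("Profiler-10", "mallory", "http_total", day, "SUM", 100)  # 20:1 ratio
        p.update("Profiler-10", "mallory", "dns_total", day, "SUM", 5)
    for hours_ago in range(10):
        p.update("Profiler-HTTP-Length", "10.0.0.5", "http_length",
                 NOW - timedelta(hours=hours_ago), "SUM", 50 + hours_ago)
    return p


if __name__ == "__main__":
    prof = build_sample_profiler()
    print(ratio_outliers(prof, "Profiler-10", 1, 4, "http_total", "dns_total", 95, 300, NOW))
    print(prof.mean_hourly("Profiler-HTTP-Length", "10.0.0.5", "http_length", 7, NOW))
```

With these constructed events the four normal accounts all sit at a 1:1 HTTP-to-DNS ratio, so the 95th percentile of "the other users" is 1.0 and the 300%-above threshold is 4.0; mallory's 20:1 ratio is flagged, while for each normal account the population includes mallory and the threshold becomes 80, so none of them is. The zero-denominator branch matters in practice: an account that only ever talks HTTP would otherwise raise a ZeroDivisionError inside the rule rather than surface as the most extreme ratio.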

The content has been sourced from

SureLog SIEM Sample Use Cases - Rules & Models

Published On: August 21st, 2023 / Categories: News /