Energy Security Feed

Energy Security Feed is the security content pack shipped with the product. It groups three complementary areas:

• IOC Threat Lists — Malware Information Sharing Platform (MISP) indicators of compromise fetched from the Energy Logserver feed repository, indexed and distributed to ELS Network Node pipelines as translate dictionaries. Requires a SIEM-PLAN license (see IOC Feed).

• Windows Events ID Repository — a reference table of Windows Security Event IDs and the shipped Active Directory dashboards that consume them.

• Security Rules — a library of pre-defined correlation rules for the Alerts module, grouped by platform (cluster health, Windows, Cisco ASA, Fortigate, Palo Alto, and more).

• IOC Feed (MISP Threat Lists)
  • How it works
  • Feed categories
  • Feed file format
  • Generated dictionary format
  • Installation paths
  • Configure feed credentials
  • Scheduling
  • Custom exclude and include lists
  • Using IOC in alert rules
  • Using IOC in ELS Network Node pipelines
  • Verification
  • Troubleshooting
  • Further reading
• Windows Events ID Repository
  • Netflow analysis
• Security Rules
  • Cluster Health rules
  • MS Windows SIEM rules
  • Network Switch SIEM rules
  • Cisco ASA devices SIEM rules
  • Linux Mail SIEM rules
  • Linux DNS Bind SIEM Rules
  • Fortigate Devices SIEM rules
  • Linux Apache SIEM rules
  • RedHat / CentOS system SIEM rules
  • Checkpoint devices SIEM rules
  • Cisco ESA devices SIEM rule
  • Forcepoint devices SIEM rules
  • Oracle Database Engine SIEM rules
  • Paloalto devices SIEM rules
  • Microsoft Exchange SIEM rules
  • Juniper Devices SIEM Rules
  • Fudo SIEM Rules
  • Squid SIEM Rules
  • McAfee SIEM Rules
  • Microsoft DNS Server SIEM Rules
  • Microsoft DHCP SIEM Rules
  • Linux DHCP Server SIEM Rules
  • Cisco VPN devices SIEM Rules
  • Netflow SIEM Rules
  • MikroTik devices SIEM Rules
  • Microsoft SQL Server SIEM Rules
  • Postgress SQL SIEM Rules
  • MySQL SIEM Rules