Elastic security
Download Now

Description

This are ACSC Advisory IOCs detection rules for Elastic SIEM.

The Australian Cyber Security Centre (ACSC) recently published an advisory outlining tactics, techniques and procedures used against multiple Australian businesses in a recent campaign by a state based actor.

SIEM rules were created using the list of IOCs published by the ACSC to detect and alert on a potential attack.

IOCs often change rapidly during campaigns and should not solely be relied upon for detections. However, it can be useful to maintain a list of IOCs in case other lines of defence are bypassed by the adversary.

Note that the SIEM rules currently run every 60 minutes, looking back at events from the last 60 minutes. The rules currently do not run actions for every execution. If you need to act on detections, it would be a good idea to set the frequency to Hourly rather than on each rule execution, to reduce the amount of noise created.

Here is a full blog post on the campaign and Elastic Security.

Source

Originally found here: https://github.com/elastic/examples/tree/master/Security%20Analytics/ACSC2020-008_IOCs

Tested versions 7.13
ECS compliant Yes

You must log in to submit a review.

Related downloads

Elastic security

Sigma Sysmon detection rules

content share admin by content share admin

A collection of rules based on the Sigma detection rules for Windows Sysmon events based on Winlogbeat data.

Download Now

Threat detection Kibana dashboard

content share admin by content share admin

Kibana dashboard example visualizing the results of the Elastic SIEM detection engine

Download Now
Elastic security

Sigma Windows inbuilt detection rules

content share admin by content share admin

A collection of rules based on the Sigma rules for Windows (inbuilt folder) based on Winlogbeat data .

Download Now
Elastic security

ACSC Advisory IOCs detection rules

content share admin by content share admin

ACSC Advisory IOCs detection rules for Elastic SIEM

Download Now
Logstash Downloads

OpenSIEM Logstash Parsing

content share admin by content share admin

Logstash Parsing Configurations for Elastic SIEM parses many different sources into ECS

Download Now
office-365-dashboard

Office 365 dashboards

content share admin by content share admin

A collection of Kibana dashboards to provide a holistic view of Microsoft Office 365 environments

Download Now

These downloads could be also interesting for you

APM Canvas example

APM Services overview canvas

Average rating:
content share admin by content share admin

An adaptive turn key canvas example based on Elastic APM data.

Download Now
suricata kibana dashboard

Filebeat Suricata Canvas dashboard

content share admin by content share admin

A Kibana Canvas dashboard example that visualizes suricata logs collected with Filebeat.

Download Now
Lens Conversion Rate

Lens Conversion Rate

content share admin by content share admin

Lens conversion rate for RUM data using Lens Formulas

Download Now
Elastic security

Sigma Elastic SIEM rules for web server logs

content share admin by content share admin

A collection of rules based on the Sigma detection rules for web server looks, e.g. apache, nginx or IIS.

Download Now
data-flow

Data flow canvas

Average rating:
content share admin by content share admin

This canvas examples shows some possibilities of how to visualize data flows. Every flow can be activated / deactivated based on your Elasticsearch data.

Download Now
vega clock

Vega Clock UTC

content share admin by content share admin

This is a working clock visualization in UTC time.

Download Now