Cybersecurity: Easy SIEM Rule to Detect Attacks! #shorts

The vast majority of organizations do not have the ability to successfully detect these types of attacks, which is ridiculous. Uh, any SIM worth with their shot their salt should be able to detect this, but unfortunately it's a little bit rare. So, what I'm going to do is I'm going to create a custom rule in event viewer that if anybody tries to access the Frank account, it's automatically going to create uh it's going to show us a rule. Uh, it's going to show us the event log in event viewer. Uh, so like I said, if I can do this in five minutes in event viewer, um, you absolutely should be able to do this in your super expensive SIM. It's

basically setting a rule. If anybody ever tries to log in to this specific account, lock it or deal with it immediately. And because it attempted to log in to Frank's account, if we go back to Windows event viewer, you will see if I refresh, I think two or three new event logs where somebody failed to log in to the Frank account. Once again, does this seem hard? No. This isn't difficult at all. This is super easy to do. It doesn't cost you anything. I will warn you, there are vendors that will charge you hundreds of thousands of dollars to do this for you. Um, you don't need to spend that money. like set up a honey share, set up a Honey user.