Attackers leverage exploits to gain access to your network resources and data. This content pack provides an easy-to-read analysis of known exploits. It covers exploit signatures, interactions with computing resources, and rapid insight into the specific resources that have been used for exploit attempts and are possibly compromised. These insights and analysis allow you to implement effective quarantine procedures and to investigate further which other resources may have been compromised.

Content Pack Components


  • Exploit – Attempt on Internal Host
  • Exploit – MountMgr Exploit Attempt
  • Exploit - WannaCry Events Detected


Gives information on all exploit events occurring on the network or all activity occurring on specific resources that have possibly been compromised.

  • Exploit – Potentially Compromised Hosts
  • Exploit – Potential Exploit Report


  • Exploit Overview
  • Potentially Exploited Device Activity
  • Potential Exploit Activity
  • Potentially Exploited Host Activity

Correlation Rules

  • Exploit – FTP Login after Possible Exploit
  • Exploit – Increasing Number of Exploit Events Occurring on an Internal Host
  • Exploit – SSH Login after Possible Exploit
  • Exploit – Shellshock Exploit Attempt
  • Exploit – VoIP Exploit on a local Host
  • Exploit – Attempted Kerberos Ticket Manipulation
  • Exploit – Exploits on Potentially Compromised Hosts


  • Exploit – Potentially Compromised Hosts (IP Address)
  • Exploit – Potentially Compromised Hosts (Host)
  • Exploit - WannaCry SigIDs

Required Products

  • McAfee Enterprise Security Manager (ESM) 11.x, 10.x
  • McAfee Advanced Correlation Engine (ACE) 11.x, 10.x

Download Content Pack

Registered ServicePortal users can log in to access the Knowledge Center for further documentation or to download the content pack file manually.
