Exploit Content Pack

Overview

Malicious attackers leverage exploits to gain access to your network resources and data. This content pack provides an easy-to-read analysis of known exploits and when they occur on the network; a logical workflow for reviewing exploit signatures and interactions with computing resources; and rapid insight into specific resources that have been used for exploit attempts and that are possibly compromised. These critical insights and analysis allow you to implement effective quarantine procedures and to further investigate what other resources may have been compromised.

Content Pack Components

Alarms
  • Exploit – Attempt on Internal Host
  • Exploit – MountMgr Exploit Attempt
  • Exploit - WannaCry Events Detected
Reports

Gives information on all exploit events occurring on the network or all activity occurring on specific resources that have possibly been compromised.

  • Exploit – Potentially Compromised Hosts
  • Exploit – Potential Exploit Report
Views
  • Exploit Overview
  • Potentially Exploited Device Activity
  • Potential Exploit Activity
  • Potentially Exploited Host Activity
Correlation Rules
  • Exploit – FTP Login after Possible Exploit
  • Exploit – Increasing Number of Exploit Events Occurring on an Internal Host
  • Exploit – SSH Login after Possible Exploit
  • Exploit – Shellshock Exploit Attempt
  • Exploit – VoIP Exploit on a local Host
  • Exploit – Attempted Kerberos Ticket Manipulation
  • Exploit – Exploits on Potentially Compromised Hosts
Watchlists
  • Exploit – Potentially Compromised Hosts (IP Address)
  • Exploit – Potentially Compromised Hosts (Host)
  • Exploit - WannaCry SigIDs

Required Products

  • McAfee Enterprise Security Manager (ESM) 10.0.x, 9.6.x, 9.5.x
  • McAfee Advanced Correlation Engine (ACE) 10.0.x, 9.6.x, 9.5.x

Download Content Pack

Registered ServicePortal users can log in to access the Knowledge Center for further documentation or to download the content pack file manually.

Read Article

Explore

Find other content packs and partner integrations.

See All

Free Trial

Interested in McAfee Enterprise Security Manager?

Register for Free Trial
Back to top