How to configure CS-MARS to prevent Day Zero exploits

Core issue

A zero-day exploit is one that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known.

Resolution

To prevent Day Zero exploits, these rules can be configured on CS-MARS:

  • System Rule: Client Exploit - Mass Mailing Worm

  • System Rule: Network Activity: Excessive Denies - Host Compromise Likely

  • System Rule: Worm Propagation - Attempt

  • System Rule: Sudden Traffic Increase To Port

  • System Rule: Modify Host: Registry

  • System Rule: Modify Host: Security

Refer to System Rules and Reports for more information.
