Applies To: EventTracker 8.x and later.
Russia's civilian and military intelligence services engaged in aggressive and sophisticated cyber-enabled operations targeting the U.S. government and its citizens. The U.S. Government refers to this activity as GRIZZLY STEPPE. These cyber operations included spear phishing campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations, and theft of information from these organizations. This stolen information was later publicly released by third parties.
EventTracker helps you detect GRIZZLY STEPPE attacks using the indicators of compromise (IOCs) published by US-CERT, applied to NCM events or any EventTracker traffic report (e.g. Cisco ASA-Traffic details).
The EventTracker Knowledge Pack for Grizzly Steppe detection allows you to monitor the following components:
Once NCM or a traffic report is configured to persist its report to EventTracker Manager, reports can be generated.
Some of the Knowledge Packs available in EventTracker are listed below. For more information, please refer to the Integration Guide.
The configuration details in this guide are consistent with EventTracker version 7.x and later.