Vcenter/ESxi Log Source - Build pineline rule to detect attack based on blacklist URL

Templates and Rules Exchange Pipeline Rules

taibui (Bùi Đức Tài) January 13, 2023, 10:07am 1

We collect all blacklist URL which can use to attack vcenter/esxi server from remote address.
If we push logs to a centralized system like Graylog, we can immediately detect attacks on the system.
Link github:

Team SOC can also monitor through the dashboard

Topic		Replies	Views
VMWare VCenter and ESXI Version 8.X Content Pack content-pack	2	3499	February 14, 2024
[Graylog (SIEM) Lookup Table + Threat Hunting] Free IoC database with more than 59 Million records to detect latest cyber threats Graylog Add-ons	3	774	January 27, 2023
[Security] Monitor/Detect/Alert for anomaly behaviors on the server with osqueryOsquery + Graylog Other Solutions other_solutions	5	1598	January 18, 2023
Collecting VMWare/VCSA-Logs - Best practice Graylog Central (peer support)	3	4448	January 29, 2022
Messages stop being read from disk journal Graylog Central (peer support)	13	793	July 12, 2022

Vcenter/ESxi Log Source - Build pineline rule to detect attack based on blacklist URL

Related topics