
Malware Fighting with SureLog SIEM

We will show you how SureLog SIEM can effectively identify and stop malware on the host.


Use case: Malware Dropped to a HOST


  • A URL link was received in an email
  • The user clicked on it and provided the requested information
  • The user received a log-in notification from a system he or she was authorized to access
  • The user reported that he or she did not log in


For this use case, we will use:


  • Mail gateway or sandbox logs that contain the URL from the mail message,
  • Proxy or UTM logs,
  • Authentication logs from servers, databases, network devices, etc.


With SureLog SIEM, security admins have two detection options.

  1. Correlation
  2. Log investigation.




Use Case steps:


  • Get the URL link from the mail gateway log (e.g. FortiSandbox),
  • Check whether there is a request to this URL in the proxy logs,
  • Check whether there is an authentication with this user account within 15 minutes.


Rule Description:


The first part of the rule [GeneralCorrelationObject [1]] collects logs from the mail gateway (sandbox). The IP of this log source is and checks whether the log contains any URL address.


The second part of the rule [GeneralCorrelationObject [2]] collects logs from the proxy or UTM. The IP of this log source is This part of the rule checks whether the logs contain any URL address that was previously detected in the mail gateway logs.


The third part of the rule [GeneralCorrelationObject [3]] collects logs from all log sources and checks whether there is any authentication by the same user.
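As an added illustration (not SureLog's own rule language or code), here is the three-stage logic from the use case steps and the rule description above, written in Python over constructed sample records. The record field names are assumptions, and the 15-minute window is assumed to be measured from the proxy request.

```python
import re
from datetime import datetime, timedelta

URL_RE = re.compile(r"https?://\S+")
WINDOW = timedelta(minutes=15)  # window from the page's use case

# Constructed sample records (not real logs); field names are assumptions.
LOGS = [
    {"ts": "2024-05-01T09:00:00", "src": "sandbox", "user": "alice",
     "msg": "inbound mail contains link http://login-portal.example/verify"},
    {"ts": "2024-05-01T09:03:00", "src": "proxy", "user": "alice",
     "url": "http://login-portal.example/verify"},
    {"ts": "2024-05-01T09:10:00", "src": "auth", "user": "alice",
     "host": "db01", "result": "success"},
    {"ts": "2024-05-01T10:00:00", "src": "sandbox", "user": "bob",
     "msg": "inbound mail contains link http://docs.example/share"},
    {"ts": "2024-05-01T10:01:00", "src": "proxy", "user": "bob",
     "url": "http://docs.example/share"},
    # bob's logon is 59 minutes after the click: outside the window, no alert
    {"ts": "2024-05-01T11:00:00", "src": "auth", "user": "bob",
     "host": "fs01", "result": "success"},
]


def correlate(logs, window=WINDOW):
    """Return (user, url, auth_host) for every completed three-stage chain."""
    # Stage 1 [GeneralCorrelationObject 1]: URLs seen in mail gateway/sandbox logs
    mail_urls = set()
    for r in logs:
        if r["src"] == "sandbox":
            mail_urls.update(URL_RE.findall(r["msg"]))
    # Stage 2 [GeneralCorrelationObject 2]: proxy requests to one of those URLs
    clicks = [(datetime.fromisoformat(r["ts"]), r["user"], r["url"])
              for r in logs if r["src"] == "proxy" and r["url"] in mail_urls]
    # Stage 3 [GeneralCorrelationObject 3]: successful authentication by the same
    # user on any log source within `window` after the proxy request
    alerts = []
    for click_ts, user, url in clicks:
        for r in logs:
            if r["src"] != "auth" or r["user"] != user or r["result"] != "success":
                continue
            delta = datetime.fromisoformat(r["ts"]) - click_ts
            if timedelta(0) <= delta <= window:
                alerts.append((user, url, r["host"]))
    return alerts


if __name__ == "__main__":
    for user, url, host in correlate(LOGS):
        print(f"ALERT: {user} requested {url} then authenticated to {host}")
```

Only alice's chain completes inside 15 minutes; widening the window (for example to an hour) would also surface bob's chain, which shows why the window is the tuning knob for false positives in this rule.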


Log Investigation

Details of log investigation