Parse IIS logs and Exchange logs for known Indications of Compromise.
A lot of the Exchange vulnerabilities of the last few years have had "easy to detect" IOCs, but not many tools have the possibility to automatically parse for these IOCs.
Exchange has had a lot of RCE and other high-CVSS vulnerabilities and could be used to gain knowledge of internal infrastructure.
Would be great if Huntress could:
  1. Identify Exchange servers and IIS servers and report version numbers.
  2. Help warn if there are known vulnerabilities on the Exchange servers.
  3. Monitor known Exchange and IIS logs for known IOCs and report if found!
(last one could be a feature in SIEM, requiring upsell :))