SOFTWINK, INC.
JACKSONVILLE, FLORIDA

Who We Are We are a dedicated team of true security analysts, technologists and consultants committed to providing high-caliber services and technology. Company Information Founded in 2011 and located in Jacksonville, Florida, Quadrant Information Security is a consulting firm committed to supporting organizations in all vertical markets and protecting their sensitive data. Specializing in Managed Security Services and Enterprise Security Consulting, Quadrant prides itself on helping our customers maintain a secure environment. Our unique offerings and consultative approach, coupled with a strong past performance and highly skilled security professionals make Quadrant the smart choice in the security consulting arena. Company Leadership [Update: No modifications to this rule.  We have noticed that in production it triggers on valid file movement.    As Jack repeatedly points out,  knowing your environment is important!  In the cases we've seen this fire off,  it has been easy enough to write excluding meta_content:! rule options] The first rule sets a xbit named "wmiprvse" for one second if Sagan see's the Windows event 4688 with a process name of "wmiprvse.exe".  You might have noticed the "xbit: nounified2" option.  This option tells Sagan to not write out a unified2 event when this signature is triggered.  This way,  we won’t create an “alert” that our SOC would have to investigate.  It does not stop Sagan from writing out it’s fast.log, alert.log, etc.   We can use those logs to help debug Sagan xbits. After extensive testing and some minor modifications,  Quadrant will be adding these rules into the standard Sagan rule set!   Jack Crook has done an excellent job and these rules will help people with early detection of hostile actors within there network.  When the rules are offically added,  we'll modify this page.    Our Sagan Solution is more than SIEM. It has evolved into an ecosystem that serves as an all-inclusive security solution. At Quadrant, we serve as the eyes and ears for our clients. Our solution provides the power and security of 24/7/365 monitoring, notification and remediation assistance by true security professionals, supported by ever evolving threat detection technologies and techniques.