CVE-2022-29799/CVE-2022-29800 (Nimbuspwn) – Defensive

Question

Hello community, I can't find the answer to these question

I tried using the Sigma file provided in the lab to query Splunk it returned no events. I also tried doing custom queries with using similar strings. But I never got the correct answers

Any helpis appreciated. Thanks

maxcucchi · Answer

Hi AtakanBal, I hope you are doing well!I appreciate you raising this matter through the community. Since you raised this question, I have worked internally with our lab content team, as it did appear there were issues occurring in this particular lab.
The team has now rolled out a fix allowing you to surface those events within the lab environment, so this should be working again without issues!
If you continue having the same problem in the lab, please keep in touch, and I will gladly take another look.

tillycorless · Answer

Hi AtakanBal I'll raise this internally and come back to you. In the meantime, somebody else within the community may be able to help.
Thanks!
Tilly

Forum Discussion

CVE-2022-29799/CVE-2022-29800 (Nimbuspwn) – Defensive

Related Content

CVE-2024-5910 (Palo Alto Expedition) – Defensive

New CTI Lab: CUPS Remote Code Execution Vulnerability – Defensive

New CTI Lab: CVE-2024-30051 (Windows DWM Core Library Elevation of Privilege) – Defensive

New CTI Labs: CVE-2024-0012 and CVE-2024-9474 (Palo Alto PAN-OS) – Offensive and Defensive

This Week in The Human Connection

Recent Discussions

Events & Breaches: Magecart Skimmer

Zeek - Demonstrate Your Skills

SuperSonic: Ep.6 – TEMPLE

CVE-2022-29799/CVE-2022-29800 (Nimbuspwn) – Defensive

Foundational Static Analysis: Analyzing Structures