The “Here You Have” virus hit about 500 PCs at Salt River Project, a large public power utility and water supplier for Arizona. Security and information event management (SIEM) equipment was used to monitor events, troubleshoot the network and provide log management. SIEM gear called QRadar from Q1 Labs was able to detect the PCs that had been hit by analyzing the abnormal behavior those PCs started to display. The SIEM has been helpful in many troubleshooting scenarios, an analyst says.
Source: https://www.csoonline.com/article/2126096/av-didn-t-help-utility-with-malware-attack.html