Recently I have been working on mapping Windows API calls to event IDs within Sysmon. Today I am releasing this project and a blog to talk about this more!
#DetectionEngineering Project: https://github.com/jsecurity101/Windows-API-To-Sysmon-Events Blog: https://posts.specterops.io/uncovering-the-unknowns-a47c93bb6971 -
New blog post: Engineering Yara rules - https://justanothergeek.chdir.org/2020/01/Engineering-Yara-rules/
#dfir #malware #yara #detectionEngineering -
Would love to see a talk on application of different #DetectionEngineering theories in the context of ATT&CK -
Recently I have been working on producing graphs within Jupyter Notebooks. Here are two graphs: the first being WSE 4662 being pulled from within the environment, the next is pulling DCSync behavior. Data analytics is fun.
#DefendersThinkInGraphs #DetectionEngineering pic.twitter.com/8KkqZgRF48
-
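The DCSync hunt mentioned above rests on one fact: a DCSync client asks a domain controller for directory replication, which shows up as Security event 4662 (object access, control-access right) on the domain naming context with the replication extended-right GUIDs in the Properties field. The following is an added example, not code from the tweet's notebook or from any project named on this page. It parses a handful of constructed 4662 records and flags subjects that exercised DS-Replication-Get-Changes-All without being a domain controller account; the `|`-separated record layout, the `CORP` domain, the account names and the allow-listed sync account are all assumptions made for the example, while the field names (SubjectUserName, SubjectDomainName, Properties) and the three rights GUIDs are the real ones from the Windows event schema and the Active Directory extended rights.

```python
import re
from collections import defaultdict

# Active Directory extended rights a DCSync client needs on the domain object.
# These GUIDs are the real schema values of the three replication rights.
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcf2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcf2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}

# Expected replicators (assumption for this example): domain controller computer
# accounts (DOMAIN\NAME$) and a hypothetical Azure AD Connect sync account.
ALLOWED_SUBJECTS = {"CORP\\MSOL_a1b2c3d4"}
DC_ACCOUNT_RE = re.compile(r"^[A-Za-z0-9-]+\\[A-Za-z0-9-]+\$$")
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Constructed sample records: 4662 events flattened to key=value pairs joined
# by '|'. The layout is invented for the example; the keys are real 4662 fields.
SAMPLE_4662 = [
    "EventID=4662|SubjectDomainName=CORP|SubjectUserName=DC01$|ObjectType=domainDNS|AccessMask=0x100|Properties={1131f6aa-9c07-11d1-f79f-00c04fc2dcf2} {1131f6ad-9c07-11d1-f79f-00c04fc2dcf2}",
    "EventID=4662|SubjectDomainName=CORP|SubjectUserName=MSOL_a1b2c3d4|ObjectType=domainDNS|AccessMask=0x100|Properties={1131f6ad-9c07-11d1-f79f-00c04fc2dcf2}",
    "EventID=4662|SubjectDomainName=CORP|SubjectUserName=jdoe|ObjectType=domainDNS|AccessMask=0x100|Properties={1131f6aa-9c07-11d1-f79f-00c04fc2dcf2}",
    "EventID=4662|SubjectDomainName=CORP|SubjectUserName=jdoe|ObjectType=domainDNS|AccessMask=0x100|Properties={1131f6ad-9c07-11d1-f79f-00c04fc2dcf2}",
    "EventID=4662|SubjectDomainName=CORP|SubjectUserName=backupsvc|ObjectType=domainDNS|AccessMask=0x100|Properties={1131f6aa-9c07-11d1-f79f-00c04fc2dcf2}",
    "EventID=4662|SubjectDomainName=CORP|SubjectUserName=jdoe|ObjectType=user|AccessMask=0x10|Properties={bf967aba-0de6-11d0-a285-00aa003049e2}",
    "EventID=4624|SubjectDomainName=CORP|SubjectUserName=jdoe|LogonType=3",
]


def parse_4662(line):
    """Split one flattened record into a dict of field name -> value."""
    fields = {}
    for kv in line.split("|"):
        if "=" in kv:
            key, value = kv.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields


def replication_rights(fields):
    """Return the set of replication right names referenced in Properties."""
    props = fields.get("Properties", "")
    return {
        REPLICATION_RIGHTS[g.lower()]
        for g in GUID_RE.findall(props)
        if g.lower() in REPLICATION_RIGHTS
    }


def is_expected_replicator(subject):
    """True for DC computer accounts and the allow-listed sync account."""
    return subject in ALLOWED_SUBJECTS or DC_ACCOUNT_RE.match(subject) is not None


def dcsync_candidates(lines):
    """Aggregate replication rights per subject; return suspected DCSync actors.

    Get-Changes-All is the right that exposes secrets, so any non-DC subject
    that used it is reported together with every replication right it used.
    """
    rights_by_subject = defaultdict(set)
    for line in lines:
        fields = parse_4662(line)
        if fields.get("EventID") != "4662":
            continue
        rights = replication_rights(fields)
        if not rights:
            continue  # ordinary object access, not replication
        subject = f"{fields.get('SubjectDomainName', '')}\\{fields.get('SubjectUserName', '')}"
        if is_expected_replicator(subject):
            continue
        rights_by_subject[subject] |= rights
    return {
        subject: sorted(rights)
        for subject, rights in rights_by_subject.items()
        if "DS-Replication-Get-Changes-All" in rights
    }


if __name__ == "__main__":
    for subject, rights in dcsync_candidates(SAMPLE_4662).items():
        print(f"possible DCSync by {subject}: {', '.join(rights)}")
```

Two caveats a practitioner will hit before any of this fires: 4662 for the domain object is only written when the Directory Service Access audit subcategory is enabled and the domain naming context carries a SACL covering the replication rights, and the allow-list has to be maintained, since a sync account that is missing from it will show up every cycle while a compromised account that is on it will never show up at all.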
How many of your #SOC top 10 alerts in a given month are valuable data vs how many are noise? If you filter out a couple/month without losing visibility, it should be easier to see real attacks. We need more #DetectionEngineering; vendors don't know your network, but you should! -
Very interesting article by Alex Maestretti: "A SOCless Detection Team at Netflix" https://www.linkedin.com/pulse/socless-detection-team-netflix-alex-maestretti/
#soc #netflix #DetectionEngineering #BigData #streaming #security