Are established applications editable?
Is it possible to edit the code for applications downloaded from Apple App Store or Google Play?
I’m looking to integrate Sigma rules into my SOC ecosystem, and am bumping into issues with using Sigma rules.
Specifically, auditd includes a "type" field which tags logs with some category, while Auditbeat doesn’t.
Is there a w… Continue reading Auditd and Auditbeat compatibility when using Sigma
I’ve recently begun using Auditbeat for capturing and streaming audit logs from my Linux machine.
I browsed the main rules repository, and noticed that many rules rely on the keywords feature of Sigma (e.g. this rule). However, I’m unable … Continue reading Sigma "keywords" rules and Auditbeat
I’m interested in security and redteaming in particular, and as I’m learning about the subject I’m trying to find out what kind of things a blue team EDR/XDR solution will look for as part of its behavioral analysis/zero day detection/inse… Continue reading Understanding XDR Detection Methods
How do cyber pros prioritize their security efforts? A good place to start is knowing exactly what tactics, techniques and procedures (TTP) threat actors use. In a recently published report, aggregated data was used to identify the most common attack techniques as defined by the MITRE ATT&CK framework. The study revealed that PowerShell Command & […]
The post All About PowerShell Attacks: The No. 1 ATT&CK Technique appeared first on Security Intelligence.
Continue reading All About PowerShell Attacks: The No. 1 ATT&CK Technique
As I understand, user behaviour analytics (UBA) makes use of statistical analysis of user behaviour to identify abnormal behaviour that may be indicative of a cyber attack.
Security information and event management (SIEM) technology analys… Continue reading Does SIEM incorporate UBA? [closed]
We have a content-heavy website that allows users to register there. We also send OTP to users while they register to verify the mobile number.
We also have WAF rules set in place to detect unusual traffic plus a dedicated bot manager (with… Continue reading Bot detection for custom application metrics [closed]
I’m researching log-analysis using webserver/HTTP logs, so I created the pipeline for this use case (Anomaly detection). Let’s say I have number/counts of logged records/events for each username.
The problem is I’m not sure what is the be… Continue reading Defining user anomalies by analysing web server interaction counts [closed]