[SANS ISC Diary] Retro Hunting!

I published the following diary on isc.sans.org: “Retro Hunting!“. For a while now, one of the security trends has been to integrate information from third-party feeds to improve the detection of suspicious activities. By collecting indicators of compromise, other tools can correlate them with their own data and generate alerts on specific conditions.

[The post [SANS ISC Diary] Retro Hunting! was first published on /dev/random]

[SANS ISC Diary] IOC’s: Risks of False Positive Alerts Flood Ahead

I published the following diary on isc.sans.org: “IOC’s: Risks of False Positive Alerts Flood Ahead“. Yesterday, I wrote a blog post which explained how to interconnect a Cuckoo sandbox and the MISP sharing platform. MISP has a nice REST API that allows you to extract useful IOCs in different formats.

[The post [SANS ISC Diary] IOC’s: Risks of False Positive Alerts Flood Ahead was first published on /dev/random]

Quick Integration of MISP and Cuckoo

With the number of attacks we are facing today, defenders are looking for more and more IOCs (Indicators of Compromise) to feed their security solutions (firewalls, IDS, …). It has become impossible to manage all those IOCs manually, and automation is the key. There are two main problems with this
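The two teasers above (pulling IOCs out of MISP over its REST API, and the false-positive flood that follows when every attribute is pushed straight into an IDS) are illustrated by the following added example. It is not code from the diaries, from MISP or from Cuckoo. It assumes a reply shaped like MISP's `POST /attributes/restSearch` JSON output (`returnFormat=json`), embeds a constructed sample of such a reply instead of calling a live server, applies the checks a practitioner would want before exporting (the `to_ids` flag, a hypothetical local warninglist, non-routable addresses, hashes of the empty file) and emits Suricata rules for what survives. `LOCAL_WARNINGLIST`, `EMPTY_FILE_HASHES` and the sample values are assumptions made for the example.

```python
"""Filter a MISP restSearch reply before feeding it to an IDS (added example, not MISP code)."""
import ipaddress
import json
import re

# Constructed sample in the shape of a MISP POST /attributes/restSearch JSON reply.
# Addresses are RFC 5737 documentation ranges; names and event IDs are made up.
SAMPLE_RESTSEARCH = json.dumps({"response": {"Attribute": [
    {"id": "1", "event_id": "42", "type": "ip-dst", "value": "203.0.113.10", "to_ids": True},
    {"id": "2", "event_id": "42", "type": "ip-dst", "value": "8.8.8.8", "to_ids": True},
    {"id": "3", "event_id": "42", "type": "domain", "value": "evil.example", "to_ids": True},
    {"id": "4", "event_id": "42", "type": "domain", "value": "example.org", "to_ids": False},
    {"id": "5", "event_id": "43", "type": "ip-dst", "value": "10.0.0.5", "to_ids": True},
    {"id": "6", "event_id": "43", "type": "md5",
     "value": "d41d8cd98f00b204e9800998ecf8427e", "to_ids": True},
]}})

# Hypothetical local warninglist: values an analyst already knows are benign (public resolvers).
LOCAL_WARNINGLIST = {"8.8.8.8", "8.8.4.4", "1.1.1.1"}

# MD5, SHA-1 and SHA-256 of the empty file; sandboxes emit these for zero-byte drops.
EMPTY_FILE_HASHES = {
    "d41d8cd98f00b204e9800998ecf8427e",
    "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
}

# Ranges that can never be a useful destination indicator on the Internet.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/4", "::1/128", "fc00::/7", "fe80::/10")]

SAFE_DOMAIN = re.compile(r"^[A-Za-z0-9.-]+$")  # keeps rule syntax from being injected via a value


def parse_restsearch(text):
    """Return the Attribute list from a restSearch JSON document (empty list if absent)."""
    return json.loads(text).get("response", {}).get("Attribute", [])


def noise_reason(attr, warninglist=LOCAL_WARNINGLIST):
    """Return why an attribute must NOT feed a detection tool, or None if it is usable."""
    value = str(attr.get("value", "")).strip()
    atype = attr.get("type")
    if not attr.get("to_ids"):
        return "to_ids is false: context, not a detection indicator"
    if value in warninglist:
        return "on local warninglist"
    if atype in ("ip-src", "ip-dst"):
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            return "not a valid IP address"
        if any(ip in net for net in NON_ROUTABLE):
            return "non-routable address"
    if atype in ("md5", "sha1", "sha256") and value.lower() in EMPTY_FILE_HASHES:
        return "hash of the empty file"
    if atype == "domain" and not SAFE_DOMAIN.match(value):
        return "domain contains characters unsafe for a rule"
    return None


def filter_iocs(attrs):
    """Split attributes into (kept, dropped); dropped entries carry their reason."""
    kept, dropped = [], []
    for attr in attrs:
        reason = noise_reason(attr)
        if reason:
            dropped.append((attr, reason))
        else:
            kept.append(attr)
    return kept, dropped


def to_suricata_rules(attrs, sid_base=9000000):
    """Render ip-dst and domain attributes as Suricata rules; other types are left to other tools."""
    rules = []
    for i, attr in enumerate(attrs):
        sid = sid_base + i
        msg = f"MISP {attr['type']} event {attr.get('event_id', '?')}"
        if attr["type"] == "ip-dst":
            rules.append(f'alert ip $HOME_NET any -> {attr["value"]} any '
                         f'(msg:"{msg}"; sid:{sid}; rev:1;)')
        elif attr["type"] == "domain":
            rules.append(f'alert dns any any -> any any (msg:"{msg}"; dns.query; '
                         f'content:"{attr["value"]}"; nocase; sid:{sid}; rev:1;)')
    return rules


if __name__ == "__main__":
    kept, dropped = filter_iocs(parse_restsearch(SAMPLE_RESTSEARCH))
    for attr, reason in dropped:
        print(f"dropped {attr['type']} {attr['value']}: {reason}")
    print("\n".join(to_suricata_rules(kept)))
```

Against a real instance the same JSON comes from `POST https://<misp>/attributes/restSearch` with an `Authorization: <api key>` header and a body such as `{"returnFormat": "json", "to_ids": 1, "last": "1d"}`; the filtering and rule rendering do not change. The point of the drop reasons is that every discarded attribute is logged with why, so the analyst can tune the warninglist instead of silencing the IDS.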

[The post Quick Integration of MISP and Cuckoo was first published on /dev/random]

Toolsmith Release Advisory: Malware Information Sharing Platform (MISP) 2.4.52

7 OCT 2016 saw the release of MISP 2.4.52. MISP, Malware Information Sharing Platform and Threat Sharing, is free and open source software to aid in sharing of threat and cyber security indicators. An overview of MISP as derived from the project home pag…