[SANS ISC] The real value of an IOC?

I published the following diary on isc.sans.org: “The real value of an IOC?“: When a new malware sample is analysed by a security researcher, the results are usually posted online with details of its behaviour and, based on this, a list of IOCs or “Indicators of Compromise” is published. Those indicators

[The post [SANS ISC] The real value of an IOC? has been first published on /dev/random]


[SANS ISC] Automatic Hunting for Malicious Files Crossing your Network

I published the following diary on isc.sans.org: “Automatic Hunting for Malicious Files Crossing your Network“: If classic security controls remain mandatory (antivirus, IDS, etc.), it is always useful to increase your capacity to detect suspicious activities occurring in your networks. Here is a quick recipe that I’m using to detect

[The post [SANS ISC] Automatic Hunting for Malicious Files Crossing your Network has been first published on /dev/random]


Splunk Custom Search Command: Searching for MISP IOC’s

When you use a tool every day, you gain more and more knowledge about it, but you also get plenty of ideas to improve it. I’m using Splunk on a daily basis within many customers’ environments as well as for personal purposes. When you have a big database of events,

[The post Splunk Custom Search Command: Searching for MISP IOC’s has been first published on /dev/random]


[SANS ISC Diary] IOC’s: Risks of False Positive Alerts Flood Ahead

I published the following diary on isc.sans.org: “IOC’s: Risks of False Positive Alerts Flood Ahead“. Yesterday, I wrote a blog post which explained how to interconnect a Cuckoo sandbox and the MISP sharing platform. MISP has a nice REST API that allows you to extract useful IOC’s in different formats.

[The post [SANS ISC Diary] IOC’s: Risks of False Positive Alerts Flood Ahead has been first published on /dev/random]


Quick Integration of MISP and Cuckoo

With the number of attacks that we are facing today, defenders are looking for more and more IOC’s (“Indicators of Compromise”) to feed their security solutions (firewalls, IDS, …). It becomes impossible to manage all those IOC’s manually, and automation is the key. There are two main problems with this

[The post Quick Integration of MISP and Cuckoo has been first published on /dev/random]


Toolsmith Release Advisory: Malware Information Sharing Platform (MISP) 2.4.52

7 OCT 2016 saw the release of MISP 2.4.52. MISP, Malware Information Sharing Platform and Threat Sharing, is free and open source software to aid in sharing of threat and cyber security indicators. An overview of MISP as derived from the project home pag…

MISP – Malware Information Sharing Platform

MISP, Malware Information Sharing Platform and Threat Sharing, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incident analysis and malware analysis. MISP…

Running MISP in a Docker Container

MISP (“Malware Information Sharing Platform“) is free software that was initially created by the Belgian Defence to exchange IOC’s with partners like the NCIRC (NATO). Today it has become an independent project and is mainly developed by a group of motivated people. MISP is mainly used by CERT’s (“Computer Emergency Response Teams”) but also by private companies to exchange thousands of IOC’s on a daily basis. MISP

[The post Running MISP in a Docker Container has been first published on /dev/random]
