Detection Rules & MITRE ATT&CK Techniques - SnapAttack

As a Detection Engineer and Threat Hunter, I love MITRE ATT&CK and I whole-heartedly believe that you should too. However, there’s something about the way that some folks leverage ATT&CK that has me…


Should a password spray detection in a SIEM alert you when there are 300+ failed logins against a collection of a dozen and a half accounts in an hour, or ONLY when one of those accounts subsequently logs in _successfully_?

Is it only a password spray if it eventually succeeds?

#detectionRules #passwordSpray
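One way to make the two alerting choices concrete is to run both over the same authentication stream: tier one fires on the failed-login fan-out alone (early, but noisier), tier two escalates only when one of the sprayed accounts later authenticates from the same source. The code below is an added example, not part of the post above or of any SnapAttack content; the event format (`timestamp src_ip user outcome`), the field names and the thresholds are assumptions made for the illustration, and the sample events are constructed.

```python
"""Password spray detection over constructed authentication events.

Tier 1: many failures against many distinct accounts from one source within a
window. Tier 2: a sprayed account subsequently succeeds from that source.
Format, thresholds and field names are assumptions, not any SIEM's schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Illustrative thresholds (assumptions, not vendor defaults).
WINDOW = timedelta(hours=1)
MIN_FAILURES = 20      # total failures from one source within WINDOW
MIN_ACCOUNTS = 10      # distinct accounts targeted from that source


def parse_event(line):
    """Parse 'ISO-timestamp src_ip user outcome' (constructed format)."""
    ts, src, user, outcome = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src,
            "user": user, "ok": outcome == "success"}


def detect_spray(lines, min_failures=MIN_FAILURES, min_accounts=MIN_ACCOUNTS,
                 window=WINDOW):
    """Return one alert per source whose failures cross both thresholds.

    Each alert records the largest qualifying window, the accounts targeted,
    and whether any of those accounts later succeeded from the same source
    ('confirmed'), which drives the severity.
    """
    events = sorted((parse_event(ln) for ln in lines), key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        fails = [e for e in evs if not e["ok"]]
        spray = None
        start = 0
        # Sliding window over this source's failures, oldest to newest.
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            chunk = fails[start:end + 1]
            targeted = {e["user"] for e in chunk}
            if len(chunk) >= min_failures and len(targeted) >= min_accounts:
                # Keep overwriting so the alert reflects the fullest window seen.
                spray = {"src": src, "window_start": chunk[0]["ts"],
                         "window_end": chunk[-1]["ts"],
                         "failures": len(chunk), "accounts": targeted}
        if spray is None:
            continue
        # Tier 2: a targeted account succeeding from this source after the spray began.
        later_success = next((e for e in evs if e["ok"]
                              and e["user"] in spray["accounts"]
                              and e["ts"] >= spray["window_start"]), None)
        spray["confirmed"] = later_success is not None
        spray["compromised_user"] = later_success["user"] if later_success else None
        spray["severity"] = "high" if spray["confirmed"] else "medium"
        alerts.append(spray)
    return alerts


def constructed_sample(with_success=True):
    """Constructed events: 306 failures over 18 accounts from one source in ~51
    minutes, optionally followed by a success, plus a legitimate user who
    mistypes a password three times and then logs in (must not alert)."""
    base = datetime(2024, 1, 15, 9, 0, 0)
    accounts = [f"user{i:02d}" for i in range(18)]
    lines, n = [], 0
    for _round in range(17):
        for acct in accounts:
            t = base + timedelta(seconds=10 * n)
            lines.append(f"{t.isoformat()} 198.51.100.7 {acct} failure")
            n += 1
    if with_success:
        t = base + timedelta(minutes=55)
        lines.append(f"{t.isoformat()} 198.51.100.7 user07 success")
    for k in range(3):
        t = base + timedelta(minutes=5 + k)
        lines.append(f"{t.isoformat()} 192.0.2.10 alice failure")
    lines.append(f"{(base + timedelta(minutes=9)).isoformat()} 192.0.2.10 alice success")
    return lines


if __name__ == "__main__":
    for a in detect_spray(constructed_sample()):
        print(a["severity"], a["src"], a["failures"], "failures,",
              len(a["accounts"]), "accounts, confirmed:", a["confirmed"])
```

Running it on the constructed sample yields a single high-severity alert for 198.51.100.7 and nothing for alice; dropping the success (`constructed_sample(with_success=False)`) still produces the alert, now at medium severity. That is the practical answer to the post's question: emit the fan-out alert as its own signal, and let the subsequent success raise its priority rather than gate it.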

GitHub - jatrost/awesome-detection-rules: This is a collection of threat detection rules / rules engines that I have come across.

Google Cloud’s intelligence research and applications team released a collection of 165 YARA rules to help defenders flag Cobalt Strike components deployed by attackers - https://www.helpnetsecurity.com/2022/11/21/cobalt-strike-attackers-detection-rules/ - #CobaltStrike #YARA #DetectionRules #RedTeam #BlueTeam #Cybersecurity #InfoSec
Google seeks to make Cobalt Strike useless to attackers - Help Net Security

Google's researchers have released 165 YARA rules to help defenders flag Cobalt Strike components deployed by attackers.


In the early 2000s, #SvenHenkel and I developed an #IDMEF/#IDXP compliant security event message pipelining framework for collecting and consolidating log messages, e.g. from network #IDS and #EDR products.

In the message stream, we were able to match multi-stage #correlation #DetectionRules in near real-time (in-memory), before everything was stored in a central database. Structural graph-based #AnomalyDetection was developed later by some colleagues.

We called it #MetaIDS.