SIEM Alert Guide: Effective Strategies for Security Threat Detection and Response
A SIEM detects security threats by collecting and jointly analysing logs from many systems; beyond simple data collection, it uses correlation analysis to identify attack patterns.
That email attachment your coworker just opened? It's copying every password they've ever saved. Right now.
Full analysis: https://threatchain.io/agenttesla-sample-detected-copia-del-pago-anticipado-exe-f6b5bdd5
🔍 Wazuh: The Ideal SIEM Solution for Your Company! 🛡️
Wazuh is an open source platform offering robust security monitoring and incident response. With SIEM and XDR capabilities, it provides real-time protection for on-premise and cloud environments, helping your company detect and react quickly to threats.
👉 Find out how Wazuh can strengthen your security: Wazuh: The Right SIEM for Your Company
New IOCs observed from breached threat actor logs:
mavpaprokla[.]lat
smackit[.]lat
Recommend:
• Block/sinkhole at DNS and proxy layers
• Hunt across DNS, HTTP/S, EDR, and firewall telemetry
• Check for historical resolutions and outbound connections
• Review related infrastructure, certificates, and passive DNS pivots
If seen in your environment, treat as potentially malicious pending further enrichment.
#ThreatIntel #IOC #IOCs #CyberThreatIntelligence #DFIR #BlueTeam #SOC #ThreatHunting #Malware #Infosec #CyberSecurity #OSINT #DetectionEngineering #IncidentResponse #CTI #NetworkSecurity #DNS #ThreatResearch #CyberDefense #SIEM #EDR #MalwareAnalysis
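The hunting steps recommended above, applied to constructed DNS and proxy log lines, as an added Python example that is not part of the original post. The two IOC domains are the ones published above; the log format, client addresses, benign hostnames and the Unbound sinkhole rule are assumptions for illustration. Matching is on the registrable domain so that per-victim or algorithmically generated subdomains are caught while look-alike domains such as notsmackit.lat are not.

```python
"""Refang the two IOC domains from the post above, hunt for them in DNS and
proxy telemetry, and emit a DNS sinkhole rule. Added example, not part of the
original post: the log format, clients and benign hostnames are constructed."""
import re
from typing import Iterable, List, Optional, Tuple
from urllib.parse import urlsplit

# IOCs exactly as published, defanged with [.] so they are not clickable.
IOCS_DEFANGED = ["mavpaprokla[.]lat", "smackit[.]lat"]

# Constructed key=value log lines: "<timestamp> <source> k=v k=v ...".
# Lines 1, 4 and 6 should match; line 3 is a deliberate look-alike near miss.
SAMPLE_LOG = """\
2024-01-15T10:25:01Z dns client=10.0.0.23 qname=a1b2.smackit.lat qtype=TXT rcode=NOERROR
2024-01-15T10:25:02Z dns client=10.0.0.23 qname=www.example.com qtype=A rcode=NOERROR
2024-01-15T10:25:03Z dns client=10.0.0.41 qname=notsmackit.lat qtype=A rcode=NXDOMAIN
2024-01-15T10:26:10Z proxy client=10.0.0.23 url=http://mavpaprokla.lat/gate.php status=200
2024-01-15T10:26:11Z proxy client=10.0.0.77 url=https://cdn.example.net/lib.js status=200
2024-01-15T10:27:00Z dns client=10.0.0.23 qname=MAVPAPROKLA.LAT. qtype=A rcode=NOERROR
""".splitlines()

_KV = re.compile(r"(\w+)=(\S+)")

# (timestamp, source, client, observed hostname, matched IOC)
Hit = Tuple[str, str, str, str, str]


def refang(indicator: str) -> str:
    """Turn a defanged indicator back into a real, normalised hostname."""
    return indicator.replace("[.]", ".").replace("(.)", ".").strip().lower().rstrip(".")


def defang(hostname: str) -> str:
    """Re-defang a hostname before it goes into a ticket or chat message."""
    return hostname.replace(".", "[.]")


def matches_ioc(hostname: str, ioc_domains: Iterable[str]) -> Optional[str]:
    """Return the IOC that hostname equals or is a subdomain of, else None.

    The "." boundary is what keeps 'notsmackit.lat' from matching 'smackit.lat'.
    """
    host = hostname.lower().rstrip(".")
    for ioc in ioc_domains:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None


def hostname_from_fields(fields: dict) -> Optional[str]:
    """DNS records carry qname=, proxy records carry url=; take the host from either."""
    if "qname" in fields:
        return fields["qname"]
    if "url" in fields:
        return urlsplit(fields["url"]).hostname
    return None


def hunt(log_lines: Iterable[str], iocs_defanged: Iterable[str]) -> List[Hit]:
    """Scan log lines and return every record whose hostname matches an IOC."""
    iocs = [refang(i) for i in iocs_defanged]
    hits: List[Hit] = []
    for line in log_lines:
        parts = line.split(maxsplit=2)
        if len(parts) < 3:
            continue
        ts, source, rest = parts
        fields = dict(_KV.findall(rest))
        host = hostname_from_fields(fields)
        if host is None:
            continue
        ioc = matches_ioc(host, iocs)
        if ioc is not None:
            hits.append((ts, source, fields.get("client", "?"), host, ioc))
    return hits


def affected_clients(hits: Iterable[Hit]) -> List[str]:
    """Distinct client addresses that touched an IOC: the scoping list for IR."""
    return sorted({h[2] for h in hits})


def unbound_sinkhole(iocs_defanged: Iterable[str]) -> List[str]:
    """Unbound local-zone lines answering NXDOMAIN for each IOC and its subdomains."""
    return [f'local-zone: "{refang(i)}" always_nxdomain' for i in iocs_defanged]


if __name__ == "__main__":
    found = hunt(SAMPLE_LOG, IOCS_DEFANGED)
    for ts, source, client, host, ioc in found:
        print(f"{ts} {source:5} client={client} host={defang(host)} matched={defang(ioc)}")
    print("clients to scope:", ", ".join(affected_clients(found)))
    print("\n".join(unbound_sinkhole(IOCS_DEFANGED)))
```

Run against real telemetry, the same `hunt()` over exported DNS resolver and proxy logs gives the historical-resolution check the post asks for; the `always_nxdomain` zone is one way to sinkhole at the resolver, and a proxy deny list should mirror it.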
The What’s New in #Graylog 7.1 webinar replay is now available! 🎬
Cover in 30 min: case-based triage, auto investigation creation, Impossible Travel & Log Fluctuation detection, dynamic shard sizing, Azure Blob Storage support, and a revamped Inputs page.
Free to watch → https://graylog.org/resources/webinar-whats-new-in-7-1/
node-ipc has been hijacked again, but this time it was not the code that was broken, it was a $9 domain. A breakdown of an attack via DNS tunnels that no SIEM saw
npm is on fire again, and this time the attackers did not even have to break any code. We break down the latest supply chain attack on node-ipc, where access to a popular npm package was obtained through... an expired domain costing $9. No npm compromise, no 2FA bypass, just "forgot password" and DNS. In the article: how the payload stole AWS, SSH and .env secrets, why exfiltration went over DNS TXT, why the SIEM saw almost nothing, how dormant accounts become weapons, and why attacks like this will soon be commonplace. If you run CI/CD, npm dependencies or Node.js in production, this is worth reading.
https://habr.com/ru/articles/1035902/
#nodeipc #npm #supply_chain_attack #DNS_tunneling #DNS_exfiltration #SIEM #DevSecOps #npm_security #Nodejs #cybersecurity

Illustration of the domain and the DNS tunnel. Scene one. 14:25 UTC, 14 May 2026. Within a single minute, three new versions of the node-ipc package were published to the npm registry: 9.1.6, 9.2.3 and 12.0.1. The publisher: atiertant, ...
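What a SIEM could look for in order to catch DNS TXT exfiltration of the kind the post describes, as an added Python example that is neither the article's code nor a reproduction of the payload: per client and per parent domain, it profiles how many distinct subdomains are queried, how long and how random the labels are, and what share of the queries are TXT. The log lines, domain names and thresholds are constructed and assumed for illustration.

```python
"""Profile DNS query logs for the traits of DNS-tunnel exfiltration: many
distinct, long, high-entropy subdomains of one parent domain, TXT-heavy,
from one client. Added example; log lines, domains and thresholds are
constructed/assumed, not taken from the article."""
import math
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Tuple

# Constructed lines: "<timestamp> <client> <qname> <qtype>". Client 10.0.0.23
# chunks a stolen credential blob into hex labels under one parent domain and
# asks for TXT records; the other queries are ordinary browsing.
SAMPLE_DNS_LOG = """\
2024-01-15T10:00:00Z 10.0.0.23 www.example.com A
2024-01-15T10:00:01Z 10.0.0.23 mail.example.com MX
2024-01-15T10:00:02Z 10.0.0.41 img1.cdn-example.org A
2024-01-15T10:00:02Z 10.0.0.41 img2.cdn-example.org A
2024-01-15T10:00:03Z 10.0.0.41 img3.cdn-example.org A
2024-01-15T10:00:05Z 10.0.0.23 0000.4157535f4143434553535f4b45595f49443d414b4941.tunnel-example.lat TXT
2024-01-15T10:00:05Z 10.0.0.23 0001.4157535f5345435245545f4143434553535f4b45593d.tunnel-example.lat TXT
2024-01-15T10:00:06Z 10.0.0.23 0002.5353485f505249564154455f4b45593d2d2d2d2d2d42.tunnel-example.lat TXT
2024-01-15T10:00:06Z 10.0.0.23 0003.4544474e5f4c4f4e475f5f55524c3d7a7a7a7a7a7a7a.tunnel-example.lat TXT
2024-01-15T10:00:07Z 10.0.0.23 0004.444f5f5f5f4f4b454e3d6162636465666768696a6b6c.tunnel-example.lat TXT
2024-01-15T10:00:07Z 10.0.0.23 0005.5f5f5f5f5f454f465f5f5f5f5f5f5f5f5f5f5f5f5f5f.tunnel-example.lat TXT
""".splitlines()

# Assumed thresholds; tune against your own baseline before alerting on them.
MIN_DISTINCT = 5        # distinct subdomains per (client, parent domain)
MIN_MEAN_LEN = 30       # mean subdomain length in characters
MIN_TXT_FRACTION = 0.5  # share of TXT queries
MIN_ENTROPY = 3.5       # mean Shannon entropy (bits/char) of the subdomain part

Record = Tuple[str, str, str]  # (client, qname, qtype)


def shannon_entropy(text: str) -> float:
    """Bits per character: 0.0 for uniform strings, log2(alphabet) at most."""
    if not text:
        return 0.0
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in Counter(text).values())


def parent_domain(qname: str, labels: int = 2) -> str:
    """Naive registrable-domain guess (last two labels). Production code
    should consult the Public Suffix List so co.uk-style suffixes work."""
    parts = qname.lower().rstrip(".").split(".")
    return ".".join(parts[-labels:])


def parse(lines: Iterable[str]) -> List[Record]:
    """Parse the constructed 4-field format; skip anything malformed."""
    records: List[Record] = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, client, qname, qtype = parts
        records.append((client, qname.lower().rstrip("."), qtype.upper()))
    return records


def profile(records: Iterable[Record]) -> Dict[Tuple[str, str], dict]:
    """Aggregate tunnelling indicators per (client, parent domain)."""
    groups: Dict[Tuple[str, str], List[Tuple[str, str]]] = defaultdict(list)
    for client, qname, qtype in records:
        groups[(client, parent_domain(qname))].append((qname, qtype))
    profiles: Dict[Tuple[str, str], dict] = {}
    for (client, parent), qs in groups.items():
        # Subdomain part = qname with ".<parent>" stripped; bare parent -> "".
        subs = [q[: -len(parent) - 1] if q != parent else "" for q, _ in qs]
        txt = sum(1 for _, t in qs if t == "TXT")
        profiles[(client, parent)] = {
            "queries": len(qs),
            "distinct_subdomains": len(set(subs)),
            "mean_subdomain_len": sum(map(len, subs)) / len(subs),
            "mean_entropy": sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(subs),
            "txt_fraction": txt / len(qs),
        }
    return profiles


def flag_tunnels(profiles: Dict[Tuple[str, str], dict]) -> List[Tuple[str, str]]:
    """Return (client, parent) pairs whose profile looks like a DNS tunnel."""
    return sorted(
        key for key, p in profiles.items()
        if p["distinct_subdomains"] >= MIN_DISTINCT
        and p["mean_subdomain_len"] >= MIN_MEAN_LEN
        and (p["txt_fraction"] >= MIN_TXT_FRACTION or p["mean_entropy"] >= MIN_ENTROPY)
    )


if __name__ == "__main__":
    profiles = profile(parse(SAMPLE_DNS_LOG))
    for client, parent in flag_tunnels(profiles):
        p = profiles[(client, parent)]
        print(f"{client} -> {parent}: {p['distinct_subdomains']} subdomains, "
              f"mean len {p['mean_subdomain_len']:.0f}, entropy {p['mean_entropy']:.2f}, "
              f"TXT share {p['txt_fraction']:.0%}")
```

The same aggregation expressed as a scheduled search (group by client and parent domain, count distinct subdomains, average label length, share of TXT) is what turns "the SIEM saw nothing" into an alert: individual resolver log lines look harmless, the shape of the set does not.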
Is anyone here using #Wazuh as their SIEM?
I would be interested in your experiences, especially how large the infrastructure is in which you run Wazuh.
#cybersecurity #opensource #foss #security #network #siem #itsec
Alert was right. Location was unknown. #HackWithHeart #ToonThursday #SIEM
Subscribe to the weekly comic - https://hackwithheart.com/subscribe