Blog

Interview with Developer: Nate Guagenti

Meet Nate Guagenti Over a decade, Nate has both deployed and engineered network and endpoint SIEMs that have scaled to multiple-TB/day of ingest, while simultaneously using and training others on the deployed solution. As Nate has worked in all facets of IT, he adds the unique experience of someone who has performed both endpoint and network […]

Read more
Interview with Developer: Thomas Patzke

We keep interviewing the developers of our Threat Bounty Program  (https://my.socprime.com/en/tdm-developers) to encourage cybersecurity professionals to develop more Sigma rules, share their threat-detection content and build a stronger community. The previous interview is here https://socprime.com/blog/interview-with-developer-florian-roth/ Meet Thomas Patzke Thomas is one of the most inspiring experts in the cybersecurity community who has 13+ years of […]

Read more
Threat Detection Marketplace – Getting Ready to Explore

Threat Detection Marketplace is a community-based library of relevant and actionable threat detection content that has been uniting cybersecurity content authors to stand on the defensive of cyberspace to deliver the best content to the community for five years already. TDM provides ready-made tested Rule Packs, SIGMA rules, parsers, natively integrating applications as well as […]

Read more
Interview with Developer: Florian Roth

We keep writing a series of interviews with participants of the Developer Program (https://my.socprime.com/en/tdm-developers). The previous interview is here: https://socprime.com/blog/interview-with-developer-lee-archinal/ Meet Florian Roth.  Florian Roth is CTO of Nextron Systems GmbH. He is the creator of APT Scanner THOR – Scanner for Attacker Activity and Hack Tools and the developer of the Nextron’s most comprehensive handcrafted […]

Read more
Threat Hunting Basics: Getting Manual

The purpose of this blog is to explain the necessity for manual (non-alert based) analysis methods in threat hunting. An example of effective manual analysis via aggregations/stack counting is provided. Automation Is Necessary Automation is absolutely critical and as threat hunters we must automate where possible as much as possible. However, automation is built on […]

Read more
Continuous Compliance as a Code P1: Sigma

Compliance has always been a sort of Reactive process since standards are long, take tons of effort and a while to update, even more time to implement and the audit process happens once a year. Coming from the SIEM world I was dealing with Compliance through a prism of canned reports which usually return empty […]

Read more
Interview with Developer: Lee Archinal

We are starting a series of interviews with participants of the Developer Program (https://my.socprime.com/en/tdm-developers) to introduce you to these wonderful people who are searching the web for relevant threats and create unique content for their detection. Meet Lee Archinal! Hello Lee, hope you are inspired enough today to write a bit about yourself and your […]

Read more
Warming Up. Using ATT&CK for Self Advancement

Introduction Many blue teams are using MITRE ATT&CK for advancement in the maturity of their detection and response. Blue team’s arsenal of EDR tools, event logs, and triage tools are all opening up the story of what’s occurring on endpoints. However, anomalies are normal and these alerts and data sources need to be triaged to […]

Read more
Daily Challenges of CFO in Cyber Security Company

I have been working in the company since its founding in 2015, and during this time SOC Prime has evolved from a small startup into a rapidly growing international company. Our employees are also growing professionally to keep up with the pace of development. For each of us, working at SOC Prime brought forth unexpected […]

Read more
Proactive detection content: CVE-2019-0708 vs ATT&CK, Sigma, Elastic and ArcSight

I think the most of security community has agreed that CVE-2019-0708 vulnerability is of critical priority to deal with. And while saying “patch your stuff!” feels like the first thing that one should think of, the memories of WannaCry and NotPetya are still fresh in my mind. We know that patching ain’t gonna happen at […]

Read more