Security monitoring teams can bypass significant efforts tied to event data normalization by directly deploying schema-aware detection rules with the SOC Prime’s Continuous Content Management module. Today’s cybersecurity landscape is overwhelmed with SIEM systems, EDR, NTDR & SOAR tools, next-gen XDR solutions, and innovative approaches navigating businesses through technology bottlenecks. Organizations tend to keep up […]
With the release of the SOC Prime Platform for collaborative cyber defense, threat hunting, and threat discovery, the capabilities to fully automate detection content streaming have been also taken to a new level. Now, the Continuous Content Management module is available to all users registered on the SOC Prime Platform with a corporate email address, […]
Technical Highlights of the New SOC Prime Platform On September 14th, SOC Prime launches the platform for collaborative cyber defense, threat hunting, and threat discovery. The platform helps to detect threats easier, faster, and simpler by leveraging the de facto industry standard for Detection as Code languages (Sigma and Yara-L), the cutting-edge dynamically prioritized MITRE […]
Step-by-Step Guidelines SOC Prime continuously evolves partnership with Chronicle to provide Threat Detection Marketplace users leveraging Google Cloud’s security analytics platform with curated YARA-L 2.0 detections tailored to hunt out threats at Google speed. Currently, our Detection as Code platform offers 500+ Community YARA-L rules written by the SOC Prime Team. Also, Chronicle customers can […]
SOC Prime Threat Detection Marketplace provides access to 6,000+ Microsoft Azure Sentinel detections, including Queries, Rules, Functions, and Incident Response Playbooks mapped directly to MITRE ATT&CK® to match your organization-specific needs. You can seamlessly find the most relevant detections by applying the Microsoft sorting option and deploy content in a matter of clicks to your […]
Introduction The goal of this series is to put readers in the right mindset when thinking about SIEM and describe how to set themselves up for success. While I’m not a Data Scientist and don’t claim to be, I can confidently say that expecting results in security analytics without first having “good data” to work with is folly. This is why […]
Why Short-Cut The Threat Hunting Process? As with any security operations endeavor, we want to balance efficacy and efficiency to produce the best results with the smallest amount of resources. Unfortunately, Threat Hunting is often seen as a ‘luxury’, reserved only for the most advanced sec-ops teams with ample budgets to fund expert resources and […]
The purpose of this blog is to explain the necessity for manual (non-alert based) analysis methods in threat hunting. An example of effective manual analysis via aggregations/stack counting is provided. Automation Is Necessary Automation is absolutely critical and as threat hunters we must automate where possible as much as possible. However, automation is built on […]
Introduction to Sigma Sigma, created by Florian Roth and Thomas Patzke, is an open source project and initiative for creating a structured language for SIEM detection content. The concept is analogous to YARA for file-based detections, SNORT for IDS, and STIX for threat intelligence. However, Sigma takes this one step further by abstracting detection concepts […]
Many things are written about SIEM, yet my personal experience with these wonderful tools began back in 2007. Today the technology itself is more than 18 years old and SIEM is by all means a mature market. Together with clients, team and partners I was privileged to actively participate in more than a hundred of […]