Tag: SIEM & EDR

SOC Prime’s Innovation for Collaborative Cyber Defense
SOC Prime’s Innovation for Collaborative Cyber Defense

Technical Highlights of the New SOC Prime Platform On September 14th, SOC Prime launches the platform for collaborative cyber defense, threat hunting, and threat discovery. The platform helps to detect threats easier, faster, and simpler by leveraging the de facto industry standard for Detection as Code languages (Sigma and Yara-L), the cutting-edge dynamically prioritized MITRE […]

Read More
Creating Google Chronicle Rules in Your Environment
Creating Google Chronicle Rules in Your Environment

Step-by-Step Guidelines SOC Prime continuously evolves partnership with Chronicle to provide Threat Detection Marketplace users leveraging Google Cloud’s security analytics platform with curated YARA-L 2.0 detections tailored to hunt out threats at Google speed. Currently, our Detection as Code platform offers 500+ Community YARA-L rules written by the SOC Prime Team. Also, Chronicle customers can […]

Read More
Creating Microsoft Azure Sentinel Rules in Your SIEM Instance
Creating Microsoft Azure Sentinel Rules in Your SIEM Instance

SOC Prime Threat Detection Marketplace provides access to 6,000+ Microsoft Azure Sentinel detections, including Queries, Rules, Functions, and Incident Response Playbooks mapped directly to MITRE ATT&CK® to match your organization-specific needs. You can seamlessly find the most relevant detections by applying the Microsoft sorting option and deploy content in a matter of clicks to your […]

Read More
SIEM Fundamentals (Part 1): First and Foremost, A Data Collection Problem
SIEM Fundamentals (Part 1): First and Foremost, A Data Collection Problem

Introduction The goal of this series is to put readers in the right mindset when thinking about SIEM and describe how to set themselves up for success. While I’m not a Data Scientist and don’t claim to be, I can confidently say that expecting results in security analytics without first having “good data” to work with is folly. This is why […]

Read More
Short-Cutting the Threat Hunting Process
Short-Cutting the Threat Hunting Process

Why Short-Cut The Threat Hunting Process? As with any security operations endeavor, we want to balance efficacy and efficiency to produce the best results with the smallest amount of resources. Unfortunately, Threat Hunting is often seen as a ‘luxury’, reserved only for the most advanced sec-ops teams with ample budgets to fund expert resources and […]

Read More
Threat Hunting Basics: Getting Manual
Threat Hunting Basics: Getting Manual

The purpose of this blog is to explain the necessity for manual (non-alert based) analysis methods in threat hunting. An example of effective manual analysis via aggregations/stack counting is provided. Automation Is Necessary Automation is absolutely critical and as threat hunters we must automate where possible as much as possible. However, automation is built on […]

Read More
The Theory and Reality of SIEM ROI
The Theory and Reality of SIEM ROI

Many things are written about SIEM, yet my personal experience with these wonderful tools began back in 2007. Today the technology itself is more than 18 years old and SIEM is by all means a mature market. Together with clients, team and partners I was privileged to actively participate in more than a hundred of […]

Read More
Active Lists in ArcSight, Automatic Clearing. Part 2
Active Lists in ArcSight, Automatic Clearing. Part 2

A very common task for all ArcSight content developers is cleaning active lists on a scheduled basis or on-demand automatically. In the previous post I have described how to clear Active Lists on scheduled basis using trends: https://socprime.com/en/blog/active-lists-in-arcsight-automatic-clearing-part-1/ Today I will show you another two ways how this can be achieved. Automatic clearing of Active Lists […]

Read More
Creating a simple dashboard that monitors accessibility of sources in Splunk
Creating a simple dashboard that monitors accessibility of sources in Splunk

In the previous article, we have examined using depends panel for creating convenient visualizations in dashboards. If you missed it, follow the link: https://socprime.com/blog/using-depends-panels-in-splunk-for-creating-convenient-drilldowns/ Many people who begin to study Splunk have questions about monitoring the availability of incoming data: when the last time the data came from a particular source, when the data ceased […]

Read More
Using depends panels in Splunk for creating convenient drilldowns
Using depends panels in Splunk for creating convenient drilldowns

In the previous article, we have examined simple integration with external web resources using drilldowns. If you missed it, follow the link: https://socprime.com/en/blog/simple-virus-total-integration-with-splunk-dashboards/ Today we will get acquainted with one more interesting variant of drilldowns in Splunk: using depends panels. Depends panels in Splunk: an interesting way to use drilldowns in dashboards Very often there is […]

Read More