Tag: Sigma

Interview with Developer: Osman Demir
Interview with Developer: Osman Demir

We present to your attention new interview with the participant in SOC Prime’s Developer Program (https://my.socprime.com/en/tdm-developers). Meet Osman Demir. Tell us a bit about yourself and your experience in threat-hunting. Hello, I’m Osman Demir. I live in Istanbul, Turkey, and I’m 25 years old. I finished my education in Computer Engineering in 2017, and I […]

Read More
Interview with Developer: Ariel Millahuel
Interview with Developer: Ariel Millahuel

We took another interview with one of the participants in SOC Prime’s Developer Program (https://my.socprime.com/en/tdm-developers). We want to introduce to you Ariel Millahuel. Ariel, could you please introduce yourself and tell us about your Threat Hunting experience? I’m Ariel Millahuel from Buenos Aires, Argentina and I’m 30 years old. I started in the Threat Hunting […]

Read More
Interview with Developer: Adam Swan
Interview with Developer: Adam Swan

We continue our series of interviews with participants of the Developer Program (https://my.socprime.com/en/tdm-developers), threat hunters and cybersecurity enthusiasts to introduce you to these wonderful people who are searching the web for relevant threats and create unique content for their detection. Meet SOC Prime’s Senior Threat Hunting Engineer – Adam Swan. Adam, tell us a bit […]

Read More
Interview with Developer: Nate Guagenti
Interview with Developer: Nate Guagenti

Meet Nate Guagenti Over a decade, Nate has both deployed and engineered network and endpoint SIEMs that have scaled to multiple-TB/day of ingest, while simultaneously using and training others on the deployed solution. As Nate has worked in all facets of IT, he adds the unique experience of someone who has performed both endpoint and network […]

Read More
Interview with Developer: Thomas Patzke
Interview with Developer: Thomas Patzke

We keep interviewing the developers of our Threat Bounty Program  (https://my.socprime.com/en/tdm-developers) to encourage cybersecurity professionals to develop more Sigma rules, share their threat-detection content and build a stronger community. The previous interview is here https://socprime.com/blog/interview-with-developer-florian-roth/ Meet Thomas Patzke Thomas is one of the most inspiring experts in the cybersecurity community who has 13+ years of […]

Read More
Interview with Developer: Florian Roth
Interview with Developer: Florian Roth

We keep writing a series of interviews with participants of the Developer Program (https://my.socprime.com/en/tdm-developers). The previous interview is here: https://socprime.com/blog/interview-with-developer-lee-archinal/ Meet Florian Roth.  Florian Roth is CTO of Nextron Systems GmbH. He is the creator of APT Scanner THOR – Scanner for Attacker Activity and Hack Tools and the developer of the Nextron’s most comprehensive handcrafted […]

Read More
Continuous Compliance as a Code P1: Sigma
Continuous Compliance as a Code P1: Sigma

Compliance has always been a sort of Reactive process since standards are long, take tons of effort and a while to update, even more time to implement and the audit process happens once a year. Coming from the SIEM world I was dealing with Compliance through a prism of canned reports which usually return empty […]

Read More
Interview with Developer: Lee Archinal
Interview with Developer: Lee Archinal

We are starting a series of interviews with participants of the Developer Program (https://my.socprime.com/en/tdm-developers) to introduce you to these wonderful people who are searching the web for relevant threats and create unique content for their detection. Meet Lee Archinal! Hello Lee, hope you are inspired enough today to write a bit about yourself and your […]

Read More
Sigma Rules Guide for ArcSight
Sigma Rules Guide for ArcSight

Introduction to Sigma Sigma, created by Florian Roth and Thomas Patzke, is an open source project to create a generic signature format for SIEM systems. The common analogy is that Sigma is the log file equivalent of what Snort is to IDS and what YARA is for file based malware detection. However, unlike Snort and […]

Read More