Tag: Threatintel

What Is Threat Intelligence?
What Is Threat Intelligence?

At least for two decades, we have been witnessing relentless changes in the threat landscape towards growth and sophistication, with both rough actors and state-sponsored collectives devising sophisticated offensive campaings against organizations globally. In 2024, adversaries, on average, proceed with 11,5 attacks per minute. Simultaneously, it takes 277 days for SecOps teams to detect and […]

Read More
The Prime Hunt v1.4.2: Chronicle Security Support & Mail Templates for Streamlined IOC Sharing
The Prime Hunt v1.4.2: Chronicle Security Support & Mail Templates for Streamlined IOC Sharing

In January 2023, SOC Prime launched The Prime Hunt, an open-source browser add-on acting as a single platform-agnostic UI for threat hunters, regardless of a security solution in use. For over one year since The Prime Hunt launch, we have been working on the tool enhancements, broadening the supported technology stack and adding handy features […]

Read More
Threat Hunting Maturity Model Explained With Examples
Threat Hunting Maturity Model Explained With Examples

In our series of guides on Threat Hunting Basics, we’ve already covered multiple topics, from techniques and tools threat hunting teams use to the certifications for professionals and beginners. But what makes good Cyber Hunting, and how can you evaluate it? One of the ways to measure the effectiveness of the hunting procedures is by […]

Read More
Threat Hunting Techniques, Tactics, and Methodologies: Your Step-by-Step Introduction
Threat Hunting Techniques, Tactics, and Methodologies: Your Step-by-Step Introduction

We could start this article with a bold statement saying that Threat Hunting is easier than you think, and by reading our blog post, you will instantly become a pro. Unfortunately or luckily, that’s not the case. However, we understand that starting out as a Cyber Threat Hunter is tough. That’s why we are introducing […]

Read More
Deliver TI feeds into ArcSight without false positive triggers
Deliver TI feeds into ArcSight without false positive triggers

Every ArcSight user or administrator is faced with false positive rule triggers while delivering threat intelligence feed into ArcSight. This mostly happens when threat intel source events are not excluded from rule condition or connector tries to resolve all IP addresses and host names that are processed.

Read More