Detection Rules & MITRE ATT&CK Techniques: https://blog.snapattack.com/detection-rules-mitre-att-ck-techniques-7e7d7895b872

#DetectionRules #mitreattack

Should a password spray detection in a SIEM alert you when there are 300+ failed logins against a collection of a dozen and a half accounts in an hour, or ONLY when one of those accounts subsequently logs in _successfully_ ?

Is it only a password spray if it eventually succeeds?

#detectionRules #passwordSpray

A collection of threat detection rules / rules engines: https://github.com/jatrost/awesome-detection-rules

#DetectionRules #yara #sigma #falco #snort #suricata #splunk #kql

Google Cloud’s intelligence research and applications team released a collection of 165 YARA rules to help defenders flag Cobalt Strike components deployed by attackers - https://www.helpnetsecurity.com/2022/11/21/cobalt-strike-attackers-detection-rules/ - #CobaltStrike #YARA #DetectionRules #RedTeam #BlueTeam #Cybersecurity #InfoSec

In the early 2000s, #SvenHenkel and myself developed an #IDMEF/ #IDXP compliant security event message pipelining framework for collecting and consolidating log messages, e.g., from network #IDS, and #EDR products.

In the messages stream, we were able to match multi-stage #correlation #DetectionRules in near real-time (in-memory), before everything was stored in a central database. Structural graph-based #AnomalyDetection was developed later by some colleagues.

We called it #MetaIDS.