Sigma engine adds support for ee-outliers backend: start tagging your Sigma hits in Elasticsearch!
Introduction We are happy to announce that the awesome people maintaining the Sigma project on GitHub have merged our work to support the ee-outliers backend! So what can you do with this? Sigma already contained support for Elasticsearch through the es-dsl and es-qs backends. However, the queries these backends generate then need to be integrated by …
Author: Daan Raman
Email alerting on geographically suspicious firewall connections using logalert.py, geoiplookup and AbuseIPDB
Introduction Earlier this week, we released logalert.py, a simple python tool that can be used to pipe standard output to email for the purpose of alerting. In this blog post we want to give a concrete example of how logalert.py can be used to get simple & reliable email notifications about suspicious firewall connections, based on …
Releasing logalert.py – Smart piping of command output to email for alerting
Introduction Today we are releasing a small but useful tool, logalert.py. This tool can be used to pipe standard output to email for the purpose of alerting. A simple caching system is used to avoid sending duplicate alerts within a certain timeframe. The tool was developed for cases where you want a simple and robust …
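The de-duplication idea behind logalert.py, as an added example written for this page rather than code taken from logalert.py itself: each alert line is hashed into a small JSON cache with the time it was last sent, and a line is passed on only if it has not been sent within the configured window. The cache file path, the window length and the use of stdout in place of email are assumptions of this example.

```python
import hashlib
import json
import sys
import time
from pathlib import Path

# Hypothetical defaults for this example; logalert.py's own option names are not shown on this page.
DEFAULT_WINDOW_SECONDS = 3600
DEFAULT_CACHE_FILE = "/tmp/alert_cache.json"


def alert_key(line):
    """Cache key: a hash of the normalised line, so the cache never stores raw alert text."""
    return hashlib.sha256(line.strip().encode("utf-8")).hexdigest()


def load_cache(path):
    """The cache is a dict {key: last_sent_unix_time}; a missing or corrupt file means an empty cache."""
    try:
        data = json.loads(Path(path).read_text())
        return data if isinstance(data, dict) else {}
    except (OSError, ValueError):
        return {}


def save_cache(path, cache):
    Path(path).write_text(json.dumps(cache))


def select_new_alerts(lines, cache, now, window=DEFAULT_WINDOW_SECONDS):
    """Return the lines that have not been sent within the last `window` seconds.

    Repeats inside one batch are suppressed as well, and entries older than the
    window are dropped so the cache file cannot grow without bound.
    """
    fresh = []
    for line in lines:
        if not line.strip():
            continue
        key = alert_key(line)
        last_sent = cache.get(key)
        if last_sent is None or now - last_sent >= window:
            fresh.append(line)
            cache[key] = now
    for key in [k for k, t in cache.items() if now - t >= window]:
        del cache[key]
    return fresh


def main():
    # Stand-alone use: pipe command output in; only lines not seen recently are printed.
    # Printing stands in for the email step so the example runs offline.
    cache = load_cache(DEFAULT_CACHE_FILE)
    fresh = select_new_alerts(sys.stdin.read().splitlines(), cache, time.time())
    save_cache(DEFAULT_CACHE_FILE, cache)
    for line in fresh:
        print(line)


if __name__ == "__main__":
    main()
```

Hashing the line rather than storing it keeps the cache file free of alert content, and expiring entries on every run is what lets the same alert fire again once the window has passed.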
Sunsetting NVISO ApkScan
Today, we are announcing the retirement of NVISO ApkScan, our online malware scanning service we launched back in 2013. ApkScan was born with the purpose of offering the (security) community a free, reliable and quality service to statically and dynamically scan Android applications for malware. Since the inception of the project, it has been a …
Detecting suspicious child processes using ee-outliers and Elasticsearch
In this post, we will illustrate how ee-outliers can be used to detect suspicious child processes. This can be a very helpful way of spotting malicious endpoint activity during our Threat Hunting activities. A few examples where detecting suspicious child processes could help us:
- Detection of a malicious Microsoft Word file spawning cmd.exe
- Detection of …
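The kind of parent/child check the excerpt describes, as an added example that is not ee-outliers code and does not use its configuration format: it combines a fixed rule (an Office application spawning a command or script host) with a frequency rule (a child that is rare for its parent across the data set). The events, field names and thresholds are constructed for this example.

```python
from collections import Counter, defaultdict

# Constructed sample process-creation events (not real telemetry). Field names are
# assumptions; map them to whatever your endpoint agent writes to Elasticsearch.
SAMPLE_EVENTS = (
    [{"host": "ws01", "parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
      "child": r"C:\Windows\splwow64.exe"}] * 19
    + [{"host": "ws07", "parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
        "child": r"C:\Windows\System32\cmd.exe"}]
    + [{"host": "ws02", "parent": r"C:\Windows\explorer.exe",
        "child": r"C:\Program Files\Google\Chrome\chrome.exe"}] * 10
    + [{"host": "ws02", "parent": r"C:\Windows\explorer.exe",
        "child": r"C:\Program Files\Microsoft Office\OUTLOOK.EXE"}] * 5
    + [{"host": "srv01", "parent": r"C:\Windows\System32\services.exe",
        "child": r"C:\Windows\System32\svchost.exe"}] * 30
)

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def basename(path):
    """Case-fold and strip the directory so the same binary in different paths counts once."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def child_process_outliers(events, max_ratio=0.1):
    """Return one finding per event that matches a fixed rule or is a rare child for its parent.

    max_ratio: a (parent, child) pair seen in at most this fraction of the parent's
    spawns is reported as rare. Tune it to the size of the data set being hunted.
    """
    per_parent = defaultdict(Counter)
    for e in events:
        per_parent[basename(e["parent"])][basename(e["child"])] += 1

    findings = []
    for e in events:
        parent, child = basename(e["parent"]), basename(e["child"])
        reasons = []
        if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
            reasons.append("office application spawned a command/script host")
        seen = per_parent[parent][child]
        total = sum(per_parent[parent].values())
        if seen / total <= max_ratio:
            reasons.append(f"rare child for this parent ({seen}/{total} spawns)")
        if reasons:
            findings.append({"host": e["host"], "parent": parent, "child": child, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in child_process_outliers(SAMPLE_EVENTS):
        print(f["host"], f["parent"], "->", f["child"], "|", "; ".join(f["reasons"]))
```

The frequency rule catches things the fixed list does not name, but on a small data set almost everything is rare, so the ratio threshold should be chosen against the volume of events actually being hunted.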
TLS beaconing detection using ee-outliers and Elasticsearch
Earlier today, we open-sourced ee-outliers, our in-house developed framework to detect outliers in events stored in Elasticsearch. This blog post is the first of several in which we want to dive a bit deeper into how we use ee-outliers ourselves in our own security monitoring activities. Today we will look at how ee-outliers can be …
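One common way to surface TLS beaconing in connection logs, written as an added example for this page and not taken from ee-outliers: group connections by source, destination and port, compute the gaps between consecutive connections, and flag tuples whose gaps are unusually regular (low coefficient of variation) once enough connections have been seen. The connection records, field names and thresholds are constructed for this example.

```python
import statistics
from collections import defaultdict

# Constructed connection records with unix timestamps in seconds (not real traffic).
# Addresses come from documentation ranges; field names are assumptions for this example.
SAMPLE_CONNECTIONS = (
    # implant checking in roughly every 60 s with a few seconds of jitter
    [{"src": "10.0.0.5", "dst": "203.0.113.7", "dport": 443, "ts": t}
     for t in (0, 61, 119, 180, 242, 299, 360, 421, 479, 540, 602, 659)]
    # ordinary browsing: bursts followed by long idle gaps
    + [{"src": "10.0.0.5", "dst": "198.51.100.20", "dport": 443, "ts": t}
       for t in (0, 5, 90, 95, 400, 410, 1200, 1201, 1800, 2500)]
    # too few connections to judge
    + [{"src": "10.0.0.9", "dst": "203.0.113.7", "dport": 443, "ts": t}
       for t in (0, 60, 120)]
)


def beacon_candidates(connections, min_count=8, max_cv=0.15):
    """Flag (src, dst, dport) tuples whose inter-connection gaps are unusually regular.

    Regularity is the coefficient of variation (population stdev / mean) of the
    gaps between consecutive connections: a beacon with modest jitter still
    scores low, interactive traffic scores high. min_count avoids judging tuples
    with too few samples.
    """
    by_tuple = defaultdict(list)
    for c in connections:
        by_tuple[(c["src"], c["dst"], c["dport"])].append(c["ts"])

    findings = []
    for (src, dst, dport), stamps in by_tuple.items():
        if len(stamps) < min_count:
            continue
        stamps = sorted(stamps)
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean_gap = statistics.fmean(gaps)
        if mean_gap <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean_gap
        if cv <= max_cv:
            findings.append({"src": src, "dst": dst, "dport": dport,
                             "connections": len(stamps),
                             "mean_interval": round(mean_gap, 1), "cv": round(cv, 3)})
    return findings


if __name__ == "__main__":
    for f in beacon_candidates(SAMPLE_CONNECTIONS):
        print(f"{f['src']} -> {f['dst']}:{f['dport']} every ~{f['mean_interval']}s "
              f"over {f['connections']} connections (cv={f['cv']})")
```

Legitimate software also polls on fixed intervals (update checks, telemetry), so a low-cv tuple is a hunting lead to enrich with destination reputation and process context, not a verdict on its own.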