Cortex XSOAR Tips & Tricks – Leveraging dynamic sections – number widgets

Introduction Cortex XSOAR is a security oriented automation platform, and one of the areas where it stands out is customization. A recurring problem in a SOC is data visualization, analysts can be swarmed with information, and finding out what piece of data is currently both relevant and significant can become hard. One of our tasks … Continue reading Cortex XSOAR Tips & Tricks – Leveraging dynamic sections – number widgets →

Visualizing MISP Threat Intelligence in Power BI – An NVISO TI Tutorial

In this blog we will explain how to use the functionality of Power BI to visualize your MISP data in a interactive and useful way.

Filtering out top 1 million domains from corporate network traffic

During network traffic analysis and malware investigations, we often use IP and domain reputation lists to quickly filter out traffic we can expect to be benign. This typically includes filtering out traffic related to the top X most popular websites world-wide. For some detection mechanisms, this technique of filtering out popular traffic is not recommended … Continue reading Filtering out top 1 million domains from corporate network traffic →

Going beyond Wireshark: experiments in visualising network traffic

Introduction At NVISO Labs, we are constantly trying to find better ways of understanding the data our analysts are looking at. This ranges from our SOC analysts looking at millions of collected data points per day all the way to the malware analyst tearing apart a malware sample and trying to make sense of its … Continue reading Going beyond Wireshark: experiments in visualising network traffic →