A Security Operations Center (SOC) watches an organization's IT systems for cyber threats 24/7. It quickly finds and fixes security problems and uses Security Information and Event Management (SIEM) tools to collect and analyze alerts and logs. SIEMs depend on log collector servers, which gather data from many sources and send it to the SIEM. … Continue reading Managing SIEM Log Collectors at Scale with Ansible and GitHub Actions – Part 1
Category: SIEM
Detecting Teams Chat Phishing Attacks (Black Basta)
For quite a while now, there has been a new ongoing threat campaign where the adversaries first bomb a user's mailbox with spam emails and then pose as Help Desk or IT Support on Microsoft Teams to trick their potential victims into providing access. This social engineering tactic is being attributed to the ransomware group "Black Basta".
Validate your Windows Audit Policy Configuration with KQL
We provide a KQL query that will help you validate your defined Windows audit security policy configuration. Defining a Windows audit policy is an important step in establishing a robust security posture. Ensuring that the audit policy is applied consistently across your environment is just as important as defining that policy and quality controls should be in place.
RPC or Not, Here We Log: Preventing Exploitation and Abuse with RPC Firewall
Welcome, readers, to the first installment of our blog series "Preventing Exploitation and Abuse with the RPC Firewall". In this post, we'll delve into how to create rules for the RPC firewall and how to deploy them onto our servers. In the year 2024, we'll release the second part of this series, where we'll explore detection possibilities …
Transforming search sentences to query Elastic SIEM with OpenAI API
In this blog post, we will explore how a powerful language model by OpenAI can automate and bridge the gap between human language questions and SIEM query language.