Whilst Microsoft is fixing the embedded files feature in OneNote I decided to abuse a whole other feature. Embedded URLs. Turns out this is something they may also have to fix.
Category: SOC
Cortex XSOAR Tips & Tricks – Leveraging dynamic sections – text
Introduction Cortex XSOAR is a security oriented automation platform, and one of the areas where it stands out is customization. A recurring problem in a SOC (Security Operation Center) is data availability. As a SOC Analyst, doing a thorough analysis of a security incident requires having access to many pieces of information in order to …
Cortex XSOAR Tips & Tricks – Dealing with dates
Introduction As an automation platform, Cortex XSOAR fetches data that represents events set at defined moments in time. That metadata is stored within Incidents, will be queried from various systems, and may undergo conversions as it moves from machines to humans. With its various integrations, Cortex XSOAR ingests datetimes from sources that use different …
The Key Role of the Service Delivery Manager at NVISO’s Managed Detect & Respond Service
The Service Delivery Manager (SDM) plays a key role in the delivery of our NVISO cybersecurity NITRO Managed Detect & Respond (MDR) services. As the main point of contact, we represent the client at NVISO and represent NVISO at the client. During the operational lifecycle of a contract, my fellow SDMs and I are responsible …
Cortex XSOAR Tips & Tricks – Creating indicator relationships in integrations
Introduction When a Threat Intelligence Management (TIM) license is present in your Cortex XSOAR environment, the feature to create relationships between indicators is available. This allows you to describe how indicators relate to each other and use this relationship in your automated analysis of a security incident. In the previous blog post in this series, …
Cortex XSOAR Tips & Tricks – Creating indicator relationships in automations
Introduction In Cortex XSOAR, indicators are a key part of the platform as they visualize the Indicators Of Compromise (IOC) of a security alert in the incident to the SOC analyst and can be used in automated analysis workflows to determine the incident outcome. If you have a Cortex XSOAR Threat Intelligence Management (TIM) license, …
Cortex XSOAR Tips & Tricks – Discovering undocumented API endpoints
Introduction When you use the Cortex XSOAR API in your automations, playbooks or custom scripts, the first place you will start is the API documentation to see which API endpoints are available. But what if you cannot find an API Endpoint for the task you want to automate in the documentation? In this blog post …
Cortex XSOAR Tips & Tricks – Exploring the API using Swagger Editor
Introduction When using the Cortex XSOAR API in your automations, playbooks or custom scripts, knowing which API endpoints are available and how to use them is key. In a previous blog post in this series, we showed you where you could find the API documentation in Cortex XSOAR. The documentation was available on the server …
Detecting & Preventing Rogue Azure Subscriptions
In this blog post we will cover why rogue subscriptions are problematic and revisit a solution published a couple of years ago on Microsoft's Tech Community. Finally, we will conclude with some hardening recommendations to restrict the creation and importation of Azure subscriptions.
Cortex XSOAR Tips & Tricks – Execute Commands Using The API
Introduction Every automated task in Cortex XSOAR relies on executing commands from integrations or automations either in a playbook or directly in the incident war room or playground. But what if you wanted to incorporate a command or automation from Cortex XSOAR into your own custom scripts? For that you can use the API. In …