Transforming search sentences to query Elastic SIEM with OpenAI API

In this blog post, we will explore how a powerful language model by OpenAI can automate the and bridge the gap between human language questions and SIEM query language.

Visualizing MISP Threat Intelligence in Power BI – An NVISO TI Tutorial

In this blog we will explain how to use the functionality of Power BI to visualize your MISP data in a interactive and useful way.

Enforcing a Sysmon Archive Quota

This blog post will create a Sysmon archive quota through WMI event consumption to avoid storage exhaustion.

DeTT&CT : Mapping detection to MITRE ATT&CK

Introduction Building detection is a complex task, especially with a constantly increasing amount of data sources. Keeping track of these data sources and their appropriate detection rules or avoiding duplicate detection rules covering the same techniques can give a hard time to detection engineers. For a SOC, it is crucial to have an good overview … Continue reading DeTT&CT : Mapping detection to MITRE ATT&CK →

Cortex XSOAR Tips & Tricks – Execute Command Function

Introduction When developing the automated SOC workflows for the NVISO Managed SOC and the additional NITRO services on Cortex XSOAR, we have started to make use of automations to do complex tasks instead of playbooks. Automations have much better performances and, if your team has a decent level of Python skills, developing complex tasks in … Continue reading Cortex XSOAR Tips & Tricks – Execute Command Function →

Cortex XSOAR Tips & Tricks

Introduction With our Managed Detect and Respond (MDR) service, NVISO provides a managed Security Operations Center (SOC) for a large variety of clients across different industries. Since the beginning of this service, we had an “automate first” principle where we tried to automate as much of the repetitive tasks of the SOC analysts as possible, … Continue reading Cortex XSOAR Tips & Tricks →