Tag Archives: SOC

Sigma engine adds support for ee-outliers backend: start tagging your Sigma hits in Elasticsearch!

Introduction We are happy to announce that the awesome people maintaining the Sigma project on GitHub have merged our work to support the ee-outliers backend! So what you can you do with this? Sigma already contained support for Elasticsearch through the es-dsl and es-qs backends. However, these generate queries then need to be integrated by …

Continue reading “Sigma engine adds support for ee-outliers backend: start tagging your Sigma hits in Elasticsearch!”

Filtering out top 1 million domains from corporate network traffic

During network traffic analysis and malware investigations, we often use IP and domain reputation lists to quickly filter out traffic we can expect to be benign. This typically includes filtering out traffic related to the top X most popular websites world-wide. For some detection mechanisms, this technique of filtering out popular traffic is not recommended …

Continue reading “Filtering out top 1 million domains from corporate network traffic”