Write up on sequences of TTP's used by the Play ransomware gang exploiting ProxyNotShell in the Rackspace compromise. This uses the Mitre Attack Flow format for the TTP sequence definition and execution. https://t.co/ag3XzhzDTa @MITREattack#SIEM#Ransomware#xdr
As a leader, there may be no skill more important than emotional self-regulation. I struggled with this for a lot of my career (which of course as a woman, made me extra worried about being a trope). Thread >>
We see many enterprise SOC's using two SIEM's - Splunk and Sentinel. And now we are seeing SOC's add Snowflake as a low-cost log platform. How are SOC's managing detections and response in this env? Join the webinar: https://t.co/HzqqO4hiIN #siem#xdr #splunk#Sentinel #snowflake
Snowflake announced “Native Applications”.
This is an extension to their data marketplace. Now instead of selling just datasets, I can bundle data + Snowpark Python stored procs + streamlit apps + more. They added metered billing, so I can charge “per query”.
Slootman's 7 themes to "explain" @SnowflakeDB
1. all data
2. all workloads
3. Global including multi cloud and cross cloud
4. self managed
5. programmability
6. marketplaces with monetization
7. Governance
[also mentioned data sharing as part of all data] #snowflakesummit
A good alert includes:
- Detection context
- Investigation/response context
- Orchestration actions
- Prevalence info
- Environmental context (e.g, src IP is scanner)
- Pivots/visual to understand what else happened
- Able to answer, "Is host already under investigation?"
New: Our giant global investigation into the private Israeli spyware used to hack the phones of journalists and activists around the world. Reported with #PegasusProject across 10 countries. And there are so many stories to tell: https://t.co/f74PwRk008
Deep Learning is not yet enough to be the singular solution to most real-world automation. You need significant prior-injection, post-processing and other engineering in addition.
Hence, companies selling DL models as an API have slowly turned into consulting shops.
#HuntingTipOfTheDay
Attackers can use off-the-shelf malware, custom tools, or living off the land techniques. Be ready to corner an attacker regardless of the approach they choose.
At Anvilogic we have been helping SOC's mature and automate their threat hunting capabilities over the past year. Here's our take-aways: https://t.co/d3aABuUUmp #SIEM#xdr@MITREattack#CISO#ThreatHunting
@0x7eff@MITREattack Pretty cool. I like the attack paths approach. Is there a plan to expand this set of attack paths? Love to see the methodology as well. I couldnt find any addnl info at the site.
Are you pulling in alerts from your EDR/NDR tools into your SIEM? How are you normalizing those alerts for effective threat hunting? Some observations: https://t.co/SayAsrAd2F @MITREattack@splunk#SIEM#cybersecurity
sharing observations on how SOC's are tying together the SOC triad in the SIEM for improved threat hunting. https://t.co/SayAsriCb7 How are you doing it? #soctriad#siem@MITREattack#edr#NDR@splunk
"We are all Ishmael the ingénue and Starbuck the pragmatist and Ahab the maniac, stuck on a ship driven by winds we cannot predict, helmed by a mind not fully comprehensible, whose compulsions we don't control" https://t.co/3aD0yMt2h3