Everything You Need For Building The Appropriate SOC Capability
Tuning,UseCase,Threat Detection,SIEM,Playbook
Selection of our best topics in the blog.
Hunting The Empire
Empire tool is one of the post-exploitation frameworks with an HTTP module; attackers can use it for various malicious purposes, for example, C&C. Empire HTTP traffic analysis Using the Empire and its HTTP module: After the attacker infiltrates the victim...
Event Categories and Recommended UseCase (Part two)
This post is part two of Event Categories and Recommended UseCase, you can see part one : The guidelines provided in this article help SOC professionals in understanding and respond to security monitoring requirements in a more professional manner. Additionally,...
Splunk Configuration file precedence
How does Splunk prioritize and merge the configuration files? When editing configuration files, it is important to understand how Splunk software evaluates these files and which ones take precedence. When incorporating changes, Splunk software does the following to your configuration...
