Skip to content

Threat Intelligence

  • Alerts
  • Downloads
  • Links
  • IOC Feeds
SentinelOne AI SIEM Indicator API
SentinelOne siem

SentinelOne AI SIEM Indicator API

threatinfoAugust 2, 2025August 2, 2025

Ever wondered how you get the indicator tab in the SentinelOne AI SIEM alerts populated?  Sadly the official documentation is…

Threat Intelligence in SentinelOne AI Siem
SentinelOne siem

Threat Intelligence in SentinelOne AI Siem

threatinfoJune 29, 2025August 2, 2025

Endpoint URL: https://{your sentinelone console domain}/web/api/v2.1/threat-intelligence/iocs Headers Required: Authorization Content-Type Official Documentation: https://{your sentinelone console domain}/new-api-docs   Limitations of the…

NiFi Groovy Script to Find 1st and Last IPs in Subnet
Nifi

NiFi Groovy Script to Find 1st and Last IPs in Subnet

threatinfoApril 23, 2025April 23, 2025

Takes a subnet cidr from a flowfile attribute called subnetCidr as shown below and returns the first and last usable…

Unusual user agent VPN attempts CitrixReceiver/23.11.1.41 Windows/10.0 AuthManager/23.11.0.9 (Release) X1Class CWACapable CWA/23.11.1.41
Threat Intelligence

Unusual user agent VPN attempts CitrixReceiver/23.11.1.41 Windows/10.0 AuthManager/23.11.0.9 (Release) X1Class CWACapable CWA/23.11.1.41

threatinfoDecember 26, 2024December 26, 2024

We’re seeing unusual patterns of login attempts against our customers netscalers with the only thing in common the user-agent: CitrixReceiver/23.11.1.41…

Netscaler Credential Stuffing Attack
Threat Intelligence

Netscaler Credential Stuffing Attack

threatinfoDecember 24, 2024December 24, 2024

We have recently identified another new persistent citrix netscaler credential stuffing attack against one of our customers using recently compromised…

Credential stuffing attacks against Azure Portal from Set User Agent and Device
sentinel Threat Intelligence

Credential stuffing attacks against Azure Portal from Set User Agent and Device

threatinfoDecember 17, 2024December 17, 2024

We have recently identified a persistent credential stuffing attack against some of our customers. Credential stuffing is a cyberattack method in which…

Pushing Bulk Indicators to Multiple Sentinel Instances for a MSSP
Nifi sentinel Threat Intelligence

Pushing Bulk Indicators to Multiple Sentinel Instances for a MSSP

threatinfoNovember 29, 2024November 29, 2024

Problem We manage a MISP instance which receives over 130,000 IOCs every day from multiple sources which we need to…

Microsoft Defender Indicator API Always Generates Alerts
Defender Nifi

Microsoft Defender Indicator API Always Generates Alerts

threatinfoNovember 29, 2024November 29, 2024

No matter how hard I try, I cannot get the Microsoft Defender Indicator API https://api.securitycenter.microsoft.com/api/indicators/import to import IOCs with the…

Nifi

Configuring Nifi with Azure Key Vault Secrets Parameter Providers

threatinfoOctober 4, 2024October 4, 2024

To integrate Nifi with an Azure Key Vault follow the below steps Step 1 – Add Parameter Provider Go into…

Actor targeting Palo Alto VPN
Threat Intelligence

Actor targeting Palo Alto VPN

threatinfoMay 12, 2024May 13, 2024

User names used by actor seen using VPNs with Canadian source IP addresses  10/05/2024. Replace targetDomain below with the domain…

Posts navigation

Older posts

Copyright © 2025 Threat Intelligence | Ace News by Ascendoor | Powered by WordPress.