
Threat Intelligence


AI sentinel SentinelOne siem

A long way to go for AI implementations in SIEM platforms

September 6, 2025

Trend Agentic AI SIEM Microsoft Sentinel Security CoPilot   SentinelOne Purple AI Purple AI supports a variety of data sources…

Nifi sentinel SentinelOne siem

Nifi Groovyscript to convert JSON table array to key value JSON format

August 4, 2025 (updated August 27, 2025)

If you have data in a nested table array, you can convert it to the standard key:value JSON pair by using…

SentinelOne siem

SentinelOne AI SIEM Indicator API

August 2, 2025

Ever wondered how you get the indicator tab in the SentinelOne AI SIEM alerts populated? Sadly the official documentation is…

SentinelOne siem

Threat Intelligence in SentinelOne AI Siem

June 29, 2025 (updated August 2, 2025)

Endpoint URL: https://{your sentinelone console domain}/web/api/v2.1/threat-intelligence/iocs. Headers Required: Authorization, Content-Type. Official Documentation: https://{your sentinelone console domain}/new-api-docs. Limitations of the…

Nifi

NiFi Groovy Script to Find 1st and Last IPs in Subnet

April 23, 2025

Takes a subnet CIDR from a flowfile attribute called subnetCidr as shown below and returns the first and last usable…

Threat Intelligence

Unusual user agent VPN attempts CitrixReceiver/23.11.1.41 Windows/10.0 AuthManager/23.11.0.9 (Release) X1Class CWACapable CWA/23.11.1.41

December 26, 2024

We’re seeing unusual patterns of login attempts against our customers' NetScalers, with the only thing in common being the user-agent: CitrixReceiver/23.11.1.41…

Threat Intelligence

Netscaler Credential Stuffing Attack

December 24, 2024

We have recently identified another new persistent Citrix NetScaler credential stuffing attack against one of our customers using recently compromised…

sentinel Threat Intelligence

Credential stuffing attacks against Azure Portal from Set User Agent and Device

December 17, 2024

We have recently identified a persistent credential stuffing attack against some of our customers. Credential stuffing is a cyberattack method in which…

Nifi sentinel Threat Intelligence

Pushing Bulk Indicators to Multiple Sentinel Instances for a MSSP

November 29, 2024

Problem We manage a MISP instance which receives over 130,000 IOCs every day from multiple sources which we need to…

Defender Nifi

Microsoft Defender Indicator API Always Generates Alerts

November 29, 2024

No matter how hard I try, I cannot get the Microsoft Defender Indicator API https://api.securitycenter.microsoft.com/api/indicators/import to import IOCs with the…
