Threat Intelligence

Author: threatinfo

SentinelOne AI SIEM Indicator API
SentinelOne siem

threatinfo | August 2, 2025

Ever wondered how you get the indicator tab in the SentinelOne AI SIEM alerts populated? Sadly the official documentation is…

Threat Intelligence in SentinelOne AI Siem
SentinelOne siem

threatinfo | June 29, 2025 | August 2, 2025

Endpoint URL: https://{your sentinelone console domain}/web/api/v2.1/threat-intelligence/iocs
Headers Required: Authorization, Content-Type
Official Documentation: https://{your sentinelone console domain}/new-api-docs
Limitations of the…

NiFi Groovy Script to Find 1st and Last IPs in Subnet
Nifi

threatinfo | April 23, 2025

Takes a subnet CIDR from a flowfile attribute called subnetCidr as shown below and returns the first and last usable…

Unusual user agent VPN attempts CitrixReceiver/23.11.1.41 Windows/10.0 AuthManager/23.11.0.9 (Release) X1Class CWACapable CWA/23.11.1.41
Threat Intelligence

threatinfo | December 26, 2024

We’re seeing unusual patterns of login attempts against our customers' NetScalers, with the only thing in common being the user-agent: CitrixReceiver/23.11.1.41…

Netscaler Credential Stuffing Attack
Threat Intelligence

threatinfo | December 24, 2024

We have recently identified another new persistent Citrix NetScaler credential stuffing attack against one of our customers using recently compromised…

Credential stuffing attacks against Azure Portal from Set User Agent and Device
sentinel Threat Intelligence

threatinfo | December 17, 2024

We have recently identified a persistent credential stuffing attack against some of our customers. Credential stuffing is a cyberattack method in which…

Pushing Bulk Indicators to Multiple Sentinel Instances for a MSSP
Nifi sentinel Threat Intelligence

threatinfo | November 29, 2024

Problem: We manage a MISP instance which receives over 130,000 IOCs every day from multiple sources which we need to…

Microsoft Defender Indicator API Always Generates Alerts
Defender Nifi

threatinfo | November 29, 2024

No matter how hard I try, I cannot get the Microsoft Defender Indicator API https://api.securitycenter.microsoft.com/api/indicators/import to import IOCs with the…

Nifi

Configuring Nifi with Azure Key Vault Secrets Parameter Providers

threatinfo | October 4, 2024

To integrate Nifi with an Azure Key Vault, follow the steps below.
Step 1 – Add Parameter Provider: Go into…

Actor targeting Palo Alto VPN
Threat Intelligence

threatinfo | May 12, 2024 | May 13, 2024

User names used by actor seen using VPNs with Canadian source IP addresses 10/05/2024. Replace targetDomain below with the domain…
