Threat Intelligence

Category: sentinel
A long way to go for AI implementations in SIEM platforms
Posted in: AI, sentinel, SentinelOne

Trend Agentic AI SIEM: The Trend Agentic AI SIEM agent is another example of a company rushing out an AI function without proper design considerations. Rather than focusing on some…
Posted by threatinfo, September 6, 2025
Nifi Groovy script to convert JSON table array to key:value JSON format
Posted in: Nifi, sentinel, SentinelOne

If you have data in a nested table array you can convert it to the standard key:value JSON pair format by using the Groovy script below. Below is a sample of the data…
Posted by threatinfo, August 4, 2025
Credential stuffing attacks against Azure Portal from Set User Agent and Device
Posted in: sentinel, Threat Intelligence

We have recently identified a persistent credential stuffing attack against some of our customers. Credential stuffing is a cyberattack method in which attackers use lists of compromised user credentials to breach a system.…
Posted by threatinfo, December 17, 2024
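The tell in the post title is a fixed user agent and device driving logons across many accounts. The following is an added example, not code from the post: it runs that detection logic over a handful of constructed sign-in records. The record schema (`time`, `user`, `ip`, `ua`, `result`), the thresholds (five distinct accounts failing from one user agent inside ten minutes) and the user-agent strings are all assumptions chosen for illustration, not values taken from the post.

```python
"""Flag credential-stuffing activity in sign-in logs.

Added example (not from the original post). Schema, thresholds and the
sample records are constructed assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed user-agent strings; the "stuffing" one is reused across many accounts.
STUFFING_UA = "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 Chrome/90.0 Safari/537.36"
BENIGN_UA = "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_0) Safari/605.1.15"

# Constructed sign-in records (assumed schema loosely modelled on sign-in logs).
SIGNINS = [
    # One user agent, two source IPs, six distinct accounts, about two minutes.
    {"time": "2024-12-01T10:00:01Z", "user": "alice@example.com", "ip": "203.0.113.10", "ua": STUFFING_UA, "result": "Failure"},
    {"time": "2024-12-01T10:00:14Z", "user": "bob@example.com",   "ip": "203.0.113.10", "ua": STUFFING_UA, "result": "Failure"},
    {"time": "2024-12-01T10:00:29Z", "user": "carol@example.com", "ip": "203.0.113.11", "ua": STUFFING_UA, "result": "Failure"},
    {"time": "2024-12-01T10:00:47Z", "user": "dave@example.com",  "ip": "203.0.113.11", "ua": STUFFING_UA, "result": "Failure"},
    {"time": "2024-12-01T10:01:05Z", "user": "erin@example.com",  "ip": "203.0.113.10", "ua": STUFFING_UA, "result": "Failure"},
    {"time": "2024-12-01T10:01:33Z", "user": "frank@example.com", "ip": "203.0.113.11", "ua": STUFFING_UA, "result": "Failure"},
    {"time": "2024-12-01T10:02:10Z", "user": "bob@example.com",   "ip": "203.0.113.10", "ua": STUFFING_UA, "result": "Success"},
    # Benign noise: one user mistypes a password twice, then logs in.
    {"time": "2024-12-01T09:10:00Z", "user": "grace@example.com", "ip": "198.51.100.7", "ua": BENIGN_UA, "result": "Failure"},
    {"time": "2024-12-01T09:10:20Z", "user": "grace@example.com", "ip": "198.51.100.7", "ua": BENIGN_UA, "result": "Failure"},
    {"time": "2024-12-01T09:10:45Z", "user": "grace@example.com", "ip": "198.51.100.7", "ua": BENIGN_UA, "result": "Success"},
]


def _parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def detect_credential_stuffing(records, window=timedelta(minutes=10), min_accounts=5):
    """Group sign-ins by user agent and slide a time window over each group.

    A user agent is flagged when, inside one window, it produced failed logons
    for at least `min_accounts` distinct accounts. Accounts that then succeeded
    from the same user agent are listed separately: those are the credentials
    in the attacker's list that still work and need a password reset.
    """
    by_ua = defaultdict(list)
    for rec in records:
        by_ua[rec["ua"]].append({**rec, "ts": _parse_time(rec["time"])})

    alerts = []
    for ua, recs in by_ua.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        best = None  # (distinct failed accounts, window slice, failed set)
        for end, rec in enumerate(recs):
            # Advance the window start until the window fits inside `window`.
            while rec["ts"] - recs[start]["ts"] > window:
                start += 1
            span = recs[start:end + 1]
            failed = {r["user"] for r in span if r["result"] == "Failure"}
            # ">=" so the latest equally-sized window wins and keeps later successes.
            if len(failed) >= min_accounts and (best is None or len(failed) >= best[0]):
                best = (len(failed), span, failed)
        if best is None:
            continue
        count, span, failed = best
        succeeded = sorted({r["user"] for r in span
                            if r["result"] == "Success" and r["user"] in failed})
        alerts.append({
            "user_agent": ua,
            "distinct_accounts": count,
            "source_ips": sorted({r["ip"] for r in span}),
            "first_seen": span[0]["time"],
            "last_seen": span[-1]["time"],
            "succeeded_accounts": succeeded,
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_credential_stuffing(SIGNINS):
        print(alert)
```

Keying on the user agent rather than the source IP is deliberate: the sample attack rotates across two IPs, and a per-IP failed-logon threshold would see only three failures from each. The window keeps the benign case (one account, a few failures) below the threshold, and `succeeded_accounts` turns the alert into an immediate response action.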
Pushing Bulk Indicators to Multiple Sentinel Instances for an MSSP
Posted in: Nifi, sentinel, Threat Intelligence

Problem: We manage a MISP instance which receives over 130,000 IOCs every day from multiple sources, which we need to push to over 22 Microsoft Sentinel instances that we manage.…
Posted by threatinfo, November 29, 2024
SIEM Log Ingestion – To filter or to deduplicate
Posted in: logstash, sentinel, siem

Why Should You Manage Your Log Ingestion? Cost Implications: SIEM tools operate under a licensing model that typically charges based on the volume of logs ingested. Ingesting a high volume…
Posted by threatinfo, April 24, 2024
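The two levers in the post title, filtering and deduplication, cut volume in different ways and lose different information. As an added example that is not code from the post, the block below applies both to a constructed batch of firewall-style events before they would be shipped to the SIEM: filtering drops whole event classes by rule, and deduplication collapses repeats of the same content inside a time window while keeping a count so the repeat volume is not lost. The event schema, the noise rules (heartbeats and allowed DNS) and the 60-second window are assumptions for illustration.

```python
"""Ingest-side volume reduction: filter rules versus windowed deduplication.

Added example (not from the original post). Event schema, noise rules and
the sample batch are constructed assumptions.
"""
import hashlib
import json
from datetime import datetime, timedelta

# Constructed sample batch (assumed schema; ISO-8601 timestamps sort as strings).
EVENTS = [
    {"ts": "2024-04-24T08:00:00Z", "host": "fw01", "event": "conn_allow", "src": "10.0.0.5", "dst": "10.0.1.9", "port": 443},
    {"ts": "2024-04-24T08:00:10Z", "host": "fw01", "event": "conn_allow", "src": "10.0.0.5", "dst": "10.0.1.9", "port": 443},
    {"ts": "2024-04-24T08:00:20Z", "host": "fw01", "event": "conn_allow", "src": "10.0.0.5", "dst": "10.0.1.9", "port": 443},
    {"ts": "2024-04-24T08:00:05Z", "host": "fw01", "event": "heartbeat"},
    {"ts": "2024-04-24T08:00:15Z", "host": "fw01", "event": "heartbeat"},
    {"ts": "2024-04-24T08:00:25Z", "host": "fw01", "event": "heartbeat"},
    {"ts": "2024-04-24T08:00:12Z", "host": "fw01", "event": "conn_allow", "src": "10.0.0.5", "dst": "10.0.0.53", "port": 53},
    {"ts": "2024-04-24T08:00:30Z", "host": "fw01", "event": "conn_deny", "src": "198.51.100.9", "dst": "10.0.1.9", "port": 22},
    {"ts": "2024-04-24T08:02:00Z", "host": "fw01", "event": "conn_allow", "src": "10.0.0.5", "dst": "10.0.1.9", "port": 443},
]

# Assumed noise rules: an event matching any rule is dropped before shipping.
# Each rule is a predicate; keep them narrow so detections that need the
# dropped class (for example DNS tunnelling hunts) are not silently blinded.
NOISE_RULES = [
    lambda e: e["event"] == "heartbeat",
    lambda e: e["event"] == "conn_allow" and e.get("port") == 53,
]


def filter_events(events, rules=NOISE_RULES):
    """Drop events that match any noise rule."""
    return [e for e in events if not any(rule(e) for rule in rules)]


def _fingerprint(event):
    """Hash the event content with the timestamp removed."""
    body = {k: v for k, v in event.items() if k != "ts"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def dedupe_events(events, window=timedelta(seconds=60)):
    """Collapse repeats of the same content seen within `window` of the kept copy.

    The kept copy carries a `dup_count` so the number of repeats survives;
    dropping the count would hide bursts such as repeated failed logons.
    """
    seen = {}   # fingerprint -> (timestamp of kept copy, index into kept)
    kept = []
    for event in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        fp = _fingerprint(event)
        if fp in seen:
            kept_ts, idx = seen[fp]
            if ts - kept_ts <= window:
                kept[idx]["dup_count"] += 1
                continue
        seen[fp] = (ts, len(kept))
        kept.append(dict(event, dup_count=1))
    return kept


def ingest_report(events, window=timedelta(seconds=60)):
    """Apply the cheap per-event filter first, then deduplicate what remains."""
    filtered = filter_events(events)
    deduped = dedupe_events(filtered, window=window)
    return {
        "raw": len(events),
        "after_filter": len(filtered),
        "after_dedupe": len(deduped),
        "bytes_raw": sum(len(json.dumps(e)) for e in events),
        "bytes_shipped": sum(len(json.dumps(e)) for e in deduped),
    }


if __name__ == "__main__":
    print(ingest_report(EVENTS))
```

Filtering runs first because it is a constant-time check per event, while deduplication has to keep state per fingerprint; in a real pipeline that state needs an expiry so the `seen` map does not grow without bound. The trade-off the post title asks about shows in the output: filtering removes four events and loses them entirely, deduplication removes two and keeps their count on the surviving copy.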
Sentinel Parsing Data at Ingestion or at Query time
Posted in: sentinel, siem

There are different options for parsing data in Microsoft Sentinel: query-time parsing, where the parsing is done when an analytic rule or an analyst executes a piece of KQL, or ingest…
Posted by threatinfo, April 1, 2024
Why is the Sentinel Threat Intelligence Indicator API so full of bugs
Posted in: sentinel, siem, Threat Intelligence

Microsoft has an API to add IOCs to the threat intelligence module in Sentinel, which you can read about here. My issue with it is that it is full of…
Posted by threatinfo, March 14, 2024
Filebeat write: failed to publish events / connection reset by peer
Posted in: filebeat, logstash, sentinel

I was using Filebeat to listen on port 514 to accept rsyslog messages from AIX servers, with the aim of Filebeat then having an output to my Logstash instance on…
Posted by threatinfo, January 18, 2024
Microsoft Sentinel Watchlists and wildcard/partial/substring table joins in KQL
Posted in: sentinel

Watchlists are a great way to house data in a table format to be used for various purposes, be it analytic creation or incident enrichment. If you are using a…
Posted by threatinfo, January 12, 2024
Copyright 2026 — Threat Intelligence. All rights reserved.