A long way to go for AI implementations in SIEM platforms
Trend Agentic AI SIEM Microsoft Sentinel Security CoPilot SentinelOne Purple AI Purple AI supports a variety of data sources…
Category: siem
Nifi Groovyscript to convert JSON table array to key value JSON format
If you have data in a nested table array you can convert it to the standard key:value JSONpair by using…
SentinelOne AI SIEM Indicator API
Ever wondered how you get the indicator tab in the SentinelOne AI SIEM alerts populated? Sadly the official documentation is…
Threat Intelligence in SentinelOne AI Siem
Endpoint URL: https://{your sentinelone console domain}/web/api/v2.1/threat-intelligence/iocs Headers Required: Authorization Content-Type Official Documentation: https://{your sentinelone console domain}/new-api-docs Limitations of the…
SIEM Log Ingestion – To filter or to deduplicate
Why Should You Manage Your Log Ingestion? Cost Implications SIEM tools operate under a licensing model that typically charges based…
Sentinel Parsing Data at Ingestion or at Query time
There are different options for parsing data in Microsoft Sentinel. Query time parsing when the parsing is done when an…
Why is the Sentinel Threat Intelligence Indicator API so full of bugs
Microsoft have an API to add IOCs to the threat intelligence module in sentinel which can you read about here.…
Logstash – Sending Windows Event Logs
Download Winlogbeat – Download here (64-bit) Step 1: Download and extract winlogbeat.zip to c:\program files\ (Should look like the image below) Step…