siem

Threat-Informed Defence: Focusing Cybersecurity on the Threats That Matter

• Malware
• siem
• Threat Intelligence

Threat-Informed Defence: Focusing Cybersecurity on the Threats That Matter

threatinfo June 15, 2026

What Is Threat-Informed Defence? Threat-Informed Defence (TID) is the systematic application of an understanding of adversary tactics,...

Read More Read more about Threat-Informed Defence: Focusing Cybersecurity on the Threats That Matter

Solving Gradual Logstash Ingestion Degradation on Windows Data Collectors

• logstash
• siem

Solving Gradual Logstash Ingestion Degradation on Windows Data Collectors

threatinfo January 13, 2026

Over the past several months, I observed a recurring issue affecting a number of Windows-based Logstash data...

Read More Read more about Solving Gradual Logstash Ingestion Degradation on Windows Data Collectors

A long way to go for AI implementations in SIEM platforms

• AI
• sentinel
• SentinelOne
• siem

A long way to go for AI implementations in SIEM platforms

threatinfo September 6, 2025

Trend Agentic AI SIEM The Trend Agentic AI SIEM agent is another example of a company rushing...

Read More Read more about A long way to go for AI implementations in SIEM platforms

Nifi Groovyscript to convert JSON table array to key value JSON format

• Nifi
• sentinel
• SentinelOne
• siem

Nifi Groovyscript to convert JSON table array to key value JSON format

threatinfo August 4, 2025

If you have data in a nested table array you can convert it to the standard key:value...

Read More Read more about Nifi Groovyscript to convert JSON table array to key value JSON format

SentinelOne AI SIEM Indicator API

• SentinelOne
• siem

SentinelOne AI SIEM Indicator API

threatinfo August 2, 2025

Ever wondered how you get the indicator tab in the SentinelOne AI SIEM alerts populated?  Sadly the...

Read More Read more about SentinelOne AI SIEM Indicator API

Threat Intelligence in SentinelOne AI Siem

• SentinelOne
• siem

Threat Intelligence in SentinelOne AI Siem

threatinfo June 29, 2025

Endpoint URL: https://{your sentinelone console domain}/web/api/v2.1/threat-intelligence/iocs Headers Required: Authorization Content-Type Official Documentation: https://{your sentinelone console domain}/new-api-docs  ...

Read More Read more about Threat Intelligence in SentinelOne AI Siem

SIEM Log Ingestion – To filter or to deduplicate

• logstash
• sentinel
• siem

SIEM Log Ingestion – To filter or to deduplicate

threatinfo April 24, 2024 0

Why Should You Manage Your Log Ingestion? Cost Implications SIEM tools operate under a licensing model that...

Read More Read more about SIEM Log Ingestion – To filter or to deduplicate

Sentinel Parsing Data at Ingestion or at Query time

• sentinel
• siem

Sentinel Parsing Data at Ingestion or at Query time

threatinfo April 1, 2024

There are different options for parsing data in Microsoft Sentinel.  Query time parsing when the parsing is...

Read More Read more about Sentinel Parsing Data at Ingestion or at Query time

Why is the Sentinel Threat Intelligence Indicator API so full of bugs

• sentinel
• siem
• Threat Intelligence

Why is the Sentinel Threat Intelligence Indicator API so full of bugs

threatinfo March 14, 2024 0

Microsoft have an API to add IOCs to the threat intelligence module in sentinel which can you...

Read More Read more about Why is the Sentinel Threat Intelligence Indicator API so full of bugs

Logstash – Sending Windows Event Logs

• log
• siem

Logstash – Sending Windows Event Logs

threatinfo October 8, 2021

Download Winlogbeat – Download here (64-bit) Step 1: Download and extract winlogbeat.zip to c:\program files\  (Should look like the...

Read More Read more about Logstash – Sending Windows Event Logs