Threat Intelligence

SIEM Log Ingestion – To filter or to deduplicate
logstash, sentinel, siem
threatinfo, April 24, 2024 (updated April 24, 2024)

Why Should You Manage Your Log Ingestion? Cost Implications: SIEM tools operate under a licensing model that typically charges based…

Sentinel Parsing Data at Ingestion or at Query time
sentinel, siem
threatinfo, April 1, 2024 (updated December 10, 2024)

There are different options for parsing data in Microsoft Sentinel. Query-time parsing, where the parsing is done when an…

Why is the Sentinel Threat Intelligence Indicator API so full of bugs
sentinel, siem, Threat Intelligence
threatinfo, March 14, 2024 (updated December 17, 2024)

Microsoft has an API to add IOCs to the Threat Intelligence module in Sentinel, which you can read about here.…

MISP Database Size Getting Too Large
Threat Intelligence
threatinfo, March 11, 2024 (updated April 11, 2024)

MISP MySQL database growing too large and starting to get out of control? API calls getting slower and slower? Maybe…

MISP – An Internal Error has occurred – HTTP Status code 500
Threat Intelligence
threatinfo, March 7, 2024

If you receive an “An internal error has occurred” error message when clicking on various menu functions in the MISP…

What's a threat activity cluster?
Threat Intelligence
threatinfo, February 25, 2024 (updated December 24, 2024)

A threat activity cluster is a grouping of security alerts which are related to a unique or similar activity taking place in…

Filebeat write: failed to publish events / connection reset by peer
filebeat, logstash, sentinel
threatinfo, January 18, 2024 (updated January 18, 2024)

I was using filebeat to listen on port 514 to accept rsyslog messages from AIX servers with the aim of…

WSO Shell used in a Phishing-as-a-Service (PhaaS) 365 harvesting phishing campaign
Threat Intelligence
threatinfo, January 13, 2024 (updated January 13, 2024)

1. Initial Incident: Late 2023, we observed several of our users, working in different locations with different email domains…

Microsoft Sentinel Watchlists and wildcard/partial/substring table joins in KQL
sentinel
threatinfo, January 12, 2024 (updated January 12, 2024)

Watchlists are a great way to house data in a table format to be used for various purposes, be it…
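The pattern the post title refers to, as an added example that is not part of the original post or its code: KQL's join only accepts equality keys, so a substring or partial match against a watchlist has to be built as a cross join followed by a where. The watchlist name SuspiciousCmdFragments, the use of its SearchKey column for the fragments, and the DeviceProcessEvents target table are assumptions for illustration.

```kql
// Added example, not from the original post. Assumes a watchlist named
// 'SuspiciousCmdFragments' whose SearchKey column holds the substrings to
// look for (both names are assumptions) and Defender for Endpoint's
// DeviceProcessEvents as the table being searched.
//
// join in KQL only supports equality keys, so the substring match is done
// as a cross join (every event row against every fragment) on a constant
// key, followed by a where that does the real comparison.
let Fragments = _GetWatchlist('SuspiciousCmdFragments')
    | project Fragment = tostring(SearchKey), CrossKey = 1;
DeviceProcessEvents
| where TimeGenerated > ago(1d)
// Narrow the left side first: the cross join multiplies rows by the
// watchlist size, so filter before joining, not after.
| where isnotempty(ProcessCommandLine)
| extend CrossKey = 1
| join kind=inner Fragments on CrossKey
// has = whole-term match (uses the term index, fast). Swap in contains
// when a fragment may sit inside a term, e.g. "owershell" in
// "powershell.exe", at a noticeable cost.
| where ProcessCommandLine has Fragment
| summarize FirstSeen = min(TimeGenerated), Hits = count(),
            MatchedFragments = make_set(Fragment)
    by DeviceName, AccountName, ProcessCommandLine
| order by FirstSeen desc
```

If you only need to know that a row matched, not which fragment matched, the cheaper form is `where ProcessCommandLine has_any (toscalar(Fragments | summarize make_list(Fragment)))`, which avoids the row multiplication entirely; the cross join above is what you want when the matched fragment must appear in the alert.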

Best Alternative Web Scanner to Burp Suite
Vulnerability
threatinfo, October 28, 2023 (updated October 28, 2023)

If you’re looking for a great open-source vulnerability scanner you can do a lot worse than ZAP (Zed Attack Proxy).…


Copyright © 2025 Threat Intelligence | Ace News by Ascendoor | Powered by WordPress.