Talfor
Admin
Profile
Join date: Oct 4, 2022
About
Talfor Cybersecurity, Digital Forensics, Data Recovery, Incident Response
Posts (16)
Nov 1, 2025 ∙ 1 min
Cybersecurity Threat Hunting
Cybersecurity threat hunting - A SIEM’s effectiveness depends on the quality and breadth of its data. For effective threat hunting, collect contextual logs from all key sources such as networks, endpoints, servers, applications, and security systems.
Oct 30, 2025 ∙ 1 min
RITA - An open source framework for network traffic analysis.
The framework ingests Zeek logs in TSV or JSON format, and currently supports the following major features: Beaconing Detection: Search for signs of beaconing behavior in and out of your network. Long Connection Detection: Easily see connections that have communicated for long periods of time. DNS Tunneling Detection: Search for signs of DNS-based covert channels. Threat Intel Feed Checking: Query threat intel feeds to search for suspicious domains and hosts. Check out the Source at :...
Jul 24, 2025 ∙ 1 min
Untitled Goose Tool
A very useful incident response (IR) tool released by CISA to run a full investigation against a customer’s Azure Active Directory...