Tag Archives: loki

How to Write Simple but Sound Yara Rules – Part 3

It has been a while since I wrote „How to Write Simple but Sound Yara Rules – Part 2„. Since then I changed my rule creation method to generate more versatile rules that can also be used for in-memory detection. Furthermore new features were added to yarGen and yarAnalyzer. Binarly The most important feature of […]

2 Comments Continue Reading →
Threat Intel CSV Lookup in Splunk

Splunk Threat Intel IOC Integration via Lookups

Today most security teams have access to a lot of different information sources. On the one hand they collect log data from different sources and try to correlate them in a useful way in so-called SIEM systems. On the other hand they receive threat information from different sources like APT reports, public or private feeds […]

2 Comments Continue Reading →