McHughSecurity

Month: March 2021

Using MISP in an air-gapped environment

Posted on March 20, 2021 By A.McHugh No Comments on Using MISP in an air-gapped environment

MISP works really well in an internet-connected environment for gathering indicators and creating correlations. The ability to query MISP for indicators is just as useful in an air-gapped environment, except that such an environment does not ordinarily have an Internet connection.

In this article I describe how MISP may be used in an Internet-denied environment by leveraging an existing Internet-connected instance.

Design, MISP - Open Source Threat Intelligence Platform

TheHive 4.1.0 Deployment and Integration with MISP

Posted on March 20, 2021 By A.McHugh 16 Comments on TheHive 4.1.0 Deployment and Integration with MISP
  1. Deploying (and using) TheHive4 [Part 1]
  2. Building TheHive4 (4.0.5) and configuring MISP, Cortex and Webhooks.
  3. Building the Assemblyline Analyzer for TheHive’s Cortex.
  4. TheHive 4.1.0 Deployment and Integration with MISP

Every few months, StrangeBee puts out an update to TheHive (Security Incident Response Platform). This month they have added Elasticsearch as an index engine to alleviate issues with using Cassandra, and they have integrated support for MISP galaxies as well!

Now Incident Responders using TheHive can export IOCs and Galaxy assignment directly from TheHive to MISP.


Build, Digital Forensics & Incident Response

Building the Assemblyline Analyzer for TheHive’s Cortex.

Posted on March 18, 2021 By A.McHugh No Comments on Building the Assemblyline Analyzer for TheHive’s Cortex.

Static analysis has become more fun for me since adding Assemblyline to my arsenal, but its lack of integration with the other elements of my FOSS SOC stack was a concern.

In this post I detail not only how to write a Cortex Analyzer, but also how to integrate that analyzer with other appliances.

Digital Forensics & Incident Response

Implementing Elastic Cloud and using Elastic Security

Posted on March 14, 2021 By A.McHugh No Comments on Implementing Elastic Cloud and using Elastic Security

Whilst I am a big fan of free open source solutions, I am going to bend my preference here a bit for the Elastic Cloud solution functioning as a SIEM.


Build

Building TheHive4 (4.0.5) and configuring MISP, Cortex and Webhooks.

Posted on March 3, 2021 By A.McHugh 10 Comments on Building TheHive4 (4.0.5) and configuring MISP, Cortex and Webhooks.

Since the last write-up I published on TheHive, there have been some significant changes to the platform. In this post I walk through the installation and deployment of TheHive4 (4.0.5), its connection to MISP and Cortex, and enabling Webhooks.

Digital Forensics & Incident Response

Copyright © 2022 McHughSecurity.