As a bake off for the Threat Lab and Incident Response capabilities, we will also be installing Splunk Enterprise. This will be in the 30 day trial mode, so it would be advisable to seek advice from your Splunk sales representative prior to using this installation in a production environment.
Read More “[Part 3] Building a Threat Integration and Testing Lab – Splunk Enterprise” »
You can potentially use a Cloud-hosted instance of Elastic Cloud Enterprise, however since I am trying to avoid putting this environment on the Internet, I will be building ECE in my home lab environment.
For this article and subsequent articles, I will be talking through the installation, configuration, and integration components in building an integrated threat and incident response lab. The primary purpose of this lab is to be able to replay malicious attack data into a SIEM environment (Splunk and Elastic will be used) and then generate appropriate alerts and actions within those SIEMs for an analyst to action. In addition, both SIEMS will be integrating MISP as a Threat Intelligence Platform to consume enriched intelligence and store and process newly generated intelligence from the lab.
Read More “[Part 1] Building a Threat Integration and Testing Lab” »
Intelligence is pretty much everywhere in unstructured formats, and this can be in informal blog posts, tweets, and even within FBI or US Treasury documents. In this article, I am going to describe how to build a transferrable STIX object from the FBI’s Most Wanted website.
Read More “Building Structured Threat Intelligence (STIX) from FBI notices” »
For this post I will be talking through the deployment and configuration of Shuffler.io in a self-hosted configuration.
Shuffler.io is a Security Orchestration Automation and Response (SOAR) platform which allows integrations with a number of OpenAPI services (two-way) to better expedite mundane and mandrolic tasks within a Security Operations Centre.
In this implementation, I will talking through the basics of installation and configuration, and some very basic testing through it’s interface.
I have written this guide a few times in the past, but here is a revised version with some notable inclusions based on more recent experiences with Cuckoo. I have some Github repositories too which aim to expedite the process, but have a read nonetheless and see just how easy and quick it can be…