One of the great aspects of MISP, is the use of tags to give an indication of what needs to be done with an indicator within an event. Whole events…
[Part 3] Building a Threat Integration and Testing Lab – Splunk Enterprise
As a bake off for the Threat Lab and Incident Response capabilities, we will also be installing Splunk Enterprise. This will be in the 30 day trial mode, so it…
[Part 2] Building a Threat Integration and Testing Lab – Elastic Cloud Enterprise (On-Premises)
You can potentially use a Cloud-hosted instance of Elastic Cloud Enterprise, however since I am trying to avoid putting this environment on the Internet, I will be building ECE in…
[Part 1] Building a Threat Integration and Testing Lab
For this article and subsequent articles, I will be talking through the installation, configuration, and integration components in building an integrated threat and incident response lab. The primary purpose of…
Building Structured Threat Intelligence (STIX) from FBI notices
Intelligence is pretty much everywhere in unstructured formats, and this can be in informal blog posts, tweets, and even within FBI or US Treasury documents. In this article, I am…
Security Orchestration with Shuffle.io
For this post I will be talking through the deployment and configuration of Shuffler.io in a self-hosted configuration.Shuffler.io is a Security Orchestration Automation and Response (SOAR) platform which allows integrations…
Building a Cuckoo Malware Analysis Server
I have written this guide a few times in the past, but here is a revised version with some notable inclusions based on more recent experiences with Cuckoo. I have…
Using MISP in an air-gapped environment
MISP works really well in an internet connected environment in gathering and creating correlations. However, in air-gapped environments the ability to query MISP for indicators is still incredibly useful, except…
TheHive 4.1.0 Deployment and Integration with MISP
Every few months, StrangeBee puts out an update to TheHive (Security Incident Response Platform). This month they have added Elasticsearch as an index engine to alleviate issues with using Cassandra,…
Building the Assemblyline Analyzer for TheHive’s Cortex.
Static analysis for me has become more fun with the inclusion of Assemblyline into my arsenal. But the lack of integration between other elements of my FOSS SOC stack was…