Scaling Enterprise Forensic Timelining
In July, Eric & Whitney gave a talk titled "Breaches Be Crazy" at the SANS DFIR Summit outlining...
Mapping Adversary Emulation Plans
The Center for Threat-Informed Defense at MITRE recently released their Adversary Emulation Plans...
Integrating Thinkst Canaries with TheHive
We've been big fans of the Thinkst platform for a while now. We may have mentioned them a time or...
Visualizing Geo IP Information using Python
As part of the #OpenSOC event Recon InfoSec recently conducted, we wanted to visualize where all of...
Automating Detection Coverage Analysis with ATT&CK Navigator
Staying on-top of the latest adversarial methodologies means quickly adjusting to new TTPs and...
Integrating Graylog With TheHive
If you couldn't tell by now, we love Graylog. We may have mentioned them a time or two :)
Automating Graylog Pipelines
Part of our job at Recon relies on fine tuning our threat signatures that make up the bulk of our...
The Infrastructure
When I joined the OpenSOC team at the beginning of this year, everything resided on 3 Intel Skull...
Auditing G Suite Login Activity
Often times during incident response activities, the responder is overwhelmed with data. The need...
Slacking at Security Operations
Running a Security Operations Center requires fighting a constant battle to increase analyst...