Automating Detection Coverage Analysis with ATT&CK Navigator

Feb 13, 2020 1:52:00 PM / by Brian Greunke posted in Automation, DFIR, SecOps, Security, Threat Hunting, Defense, Graylog, Continuous Integration, MITRE ATT&CK

Staying on top of the latest adversarial methodologies means adjusting quickly to new TTPs, which in turn requires a thorough and constantly refreshed understanding of your own detection capabilities. In a rapidly changing, dynamic environment, that level of attention can't be a manual process; it requires the magic of automation.


Integrating Graylog With TheHive

Jan 31, 2020 2:11:00 PM / by Whitney Champion posted in Automation, DFIR, Incident Response, SecOps, Security, Defense, Python, Graylog, DevOps, TheHive, Cortex, API

If you couldn't tell by now, we love Graylog. We may have mentioned them a time or two :)


Brokering Other Cloud Resources Behind AWS Services

Nov 21, 2019 2:43:00 PM / by Whitney Champion posted in DFIR, Operations, SecOps, Security, ZeroTier, DevOps, AWS, Cognito, Identity Aware Proxy, Cloud

I tweeted this the other day, and had a lot of folks reach out asking for more details/a diagram of this setup.


Automating Graylog Pipelines

Jun 18, 2019 3:02:00 PM / by Whitney Champion posted in Automation, DFIR, SecOps, Security, Python, Graylog, Continuous Integration, DevOps, Ansible

Part of our job at Recon involves fine-tuning the threat signatures that make up the bulk of the pipeline rules in our Graylog environment.


Analysis of Exploitation: CVE-2019-3396

May 20, 2019 3:22:00 PM / by Eric Capuano posted in DFIR, Incident Response, Forensics, Security, Malware, Exploit, Intel Sharing, Vulnerability

The Recon incident response team recently worked an intrusion case involving a Confluence web application server that was affected by CVE-2019-3396.


Join us for Network Defense Range Training at Black Hat 2019!

Feb 4, 2019 3:48:00 PM / by Eric Capuano posted in DFIR, Incident Response, Forensics, Training, NDR

We're very excited to announce that we'll be bringing our NDR training to Black Hat this year! Come join us for the Network Defense Range Crucible - Live Adversary Detection and Incident Response during Black Hat 2019 Trainings!


G Suite DFIR - Part 1: Incident Response

Apr 26, 2018 4:16:00 PM / by Megan Roddie posted in DFIR, Incident Response, Forensics, Cloud, Google


Auditing G Suite Login Activity

Sep 3, 2017 4:36:00 PM / by Eric Capuano posted in Automation, DFIR, Forensics, Google

Often during incident response activities, the responder is overwhelmed with data, so tools that automate the analysis and enhancement of that data are crucial.
