Automating Detection Coverage Analysis with ATT&CK Navigator
Staying on-top of the latest adversarial methodologies means quickly adjusting to new TTPs and requires a thorough and constant understanding of your own detection capabilities.…
Integrating Graylog With TheHive
If you couldn't tell by now, we love Graylog. We may have mentioned them a time or two :) We also love TheHive. It makes tracking incidents easy, it's reliable, and it's another well-managed open source project that we support and contribute to. TheHive also integrates with Cortex, which allows us…
Graylog and Cylance Protect Integration
TL;DR - we needed to ingest multiple sources of Cylance logs into Graylog, and this is how we did it. Since we had never integrated with their API before, we were looking at a lot of unknowns. Searching GitHub uncovered a huge win. Lucky for us, someone had already…
Automating Graylog Pipelines
Part of our job at Recon relies on fine tuning our threat signatures that make up the bulk of our pipeline rules in our Graylog environment. Because of this, they are constantly changing, growing, being tuned, and ultimately becoming more effective over time at detecting anomalous activity.…