Expanding on Cyber Threat Intelligence for Security Monitoring

Three levels of detection engineering using Threat Intelligence as our guiding light

Posted on January 26, 2025

This blog will serve as a guide to understanding how we can use Cyber Threat Intelligence (CTI) for detection in more ways than just raw data points. For some context, I wrote a little introduction on this topic earlier in January - the main point was that most people in... [Read More]
Tags: Cyber Security, Security Monitoring, Threat Intelligence, MISP, Cyber Threat Intelligence, Detection

On the use of Threat Intelligence in Detection

If applied correctly, Threat Intelligence can be a useful tool in your belt. Mostly, however, it might be barking up the wrong tree depending on your maturity level. Let's explore that!

Posted on January 12, 2025

First things first, for those who might be wondering - what is Cyber Threat Intelligence (CTI)? Well, for starters, itā€™s data. Data that is collected processed, and analyzed to understand the threat landscape. This data can be used to make informed decisions and take actions to protect your organization. [Read More]
Tags: Cyber Security, Security Monitoring, Threat Intelligence, MISP, Cyber Threat Intelligence, Detection

Tool Release: pwshuploadindicatorsapi

This module is a wrapper for the Microsoft Sentinel related Upload Indicators API, allowing you to upload indicators of compromise (IOC) to a Microsoft Sentinel instance.

Posted on December 27, 2024

You can find the module on PowershellGallery and you can install it by running Install-Module -Name pwshuploadindicatorsapi and Import-Module pwshuploadindicatorsapi. The module is also available on GitHub if you want to contribute or report issues. [Read More]
Tags: Cyber Security, Powershell, Threat Intelligence, MISP, Microsoft Sentinel, Upload Indicators API

Tool Release: pwshmisp

In an attempt to make using MISP easier, I have created a PowerShell module to interact with MISP. The release of this module is the first step towards creating a powershell integration function for pushing data from MISP to Microsoft Sentinel.

Posted on December 23, 2024

You can find the module on PowershellGallery and you can install it by running Install-Module -Name pwshmisp and Import-Module pwshmisp. The module is also available on GitHub if you want to contribute or report issues. [Read More]
Tags: Cyber Security, Powershell, Threat Intelligence, MISP, Microsoft Sentinel

Test Yourself Part 1: Identity

Some tips, tricks and tools to help you get started testing your own infrastructure. This is the part 1 where we'll look into identity and how you can test it.

Posted on October 26, 2024

In the last article called ā€œTest Yourself: The Preludeā€, we talked about some basic principles of security that we need to keep in mind moving forward. In this blog, weā€™re going to focus on identity and how you can start making sure youā€™re secure in that area. If you havenā€™t... [Read More]
Tags: Cyber Security, Entra ID, Security Monitoring, Entra ID, Azure, Microsoft 365