In this blog post I’ll be writing about developing use cases for security monitoring. I’ll be using Microsoft Sentinel as an example, but the same principles apply to any SIEM or security monitoring platform.
Figuring out MISP2Sentinel Event Filters
How they work, how to use them and some (hopefully not horrible) examples.
MISP is becoming a popular open source option for managing threat intelligence at the operational level by sharing indicators of compromise (IOCs) and contextualizing them with other data. It can, however, be a bit daunting to figure out how to use the event filters. In this post I’ll go through...
Use Update Indicators API to push Threat Intelligence from MISP to Microsoft Sentinel
A quick intro on how to set up MISP, Azure Functions and Sentinel to push threat intelligence from MISP to Sentinel
Updated guidance on how to set up the MISP2Sentinel Azure Function to push threat intelligence from MISP to Microsoft Sentinel using the new Upload Indicators API.
Pushing Threat Intelligence from MISP to Microsoft Sentinel
A quick intro on how to set up MISP, Azure Functions and Sentinel to push threat intelligence from MISP to Sentinel
Increasing the default timeout of Azure Functions
Azure Functions are used for most data connectors, but some of them have a very low default timeout.