Early on in my career I had this weird aversion to people who wrote blogs. I’m pretty sure at least part of it was a result of the Nordic phenomenon called the Law of Jante, which can be summarized as a code of conduct used colloquially to denote a social...
Security Monitoring - Developing Use Cases
Some thoughts on developing use cases and the importance of detection engineering
In this blog post I’ll be writing about developing use cases for security monitoring. I’ll be using Microsoft Sentinel as an example, but the same principles apply to any SIEM or security monitoring platform.
Figuring out MISP2Sentinel Event Filters
How they work, how to use them and some (hopefully not horrible) examples.
MISP is becoming a popular open source option for managing threat intelligence at the operational level by sharing indicators of compromise (IOCs) and contextualizing them with other data. It can, however, be a bit daunting to figure out how to use the event filters. In this post I’ll go through...
Use Update Indicators API to push Threat Intelligence from MISP to Microsoft Sentinel
A quick intro on how to set up MISP, Azure Functions and Sentinel to push threat intelligence from MISP to Sentinel
Updated guidance on how to set up the MISP2Sentinel Azure Function to push threat intelligence from MISP to Microsoft Sentinel using the new Upload Indicators API.
Pushing Threat Intelligence from MISP to Microsoft Sentinel
A quick intro on how to set up MISP, Azure Functions and Sentinel to push threat intelligence from MISP to Sentinel
Background