A Comprehensible Introduction to Security Operations Center Cybercriminal activity is among the most significant challenges that humanity will face in the next two decades. In 2019, over 15.1 billion records were exposed. According to Cybercrime Ventures, the global cost of cybercrime will rise from US$3 trillion in 2015 to US$6 trillion by 2021. Cybercriminals steadily make efforts…
Who is a Threat Hunter and what role do they play? With the growing technological world, cyberattacks are evolving to be more sophisticated than ever; furthermore, a lack of attention given to cyber threats—due to budget, technology, processes, and above all, the team of experts—has led to an increase in the number of successful malware…
How SIEM Automation Can Improve Threat Management Let’s see why it is important to know about SIEM Automation. An ocean of data and security alerts are dispatched to organizations on a regular basis. According to the Achieving High-Fidelity Security research by EMA, 92% of organizations were receiving up to 500 events per day, and 88%…
Detect Indicator Blocking free Splunk Detection Rules An adversary may attempt to block indicators or events typically captured by sensors from being gathered and analyzed. This could include maliciously redirecting or even disabling host-based sensors, such as Event Tracing for Windows (ETW), by tampering settings that control the collection and flow of event telemetry. These…
Detect CMSTP.exe with INF Files Infected with Malicious Commands with Free Splunk Detection Rule The Microsoft Connection Manager Profile Installer (CMSTP.exe) is a command-line program used to install Connection Manager service profiles. CMSTP.exe accepts an installation information file (INF) as a parameter and installs a service profile leveraged for remote access connections. ID: T1191 Tactic:…
