Do you use CrowdStrike Event Search heavily? Do you come up against the 7-day data retention limit? Do you want to keep some data longer and still search it? This article explains how to manually export events from CrowdStrike Falcon Event Search and then import them into Splunk for correlation, preservation, or further analysis.
Did you know that the MITRE book [11 Strategies of a World-Class Cybersecurity Operations Center](https://www.mitre.org/news-insights/publication/11-strategies-world-class-cybersecurity-operations-center) has appendices outlining the documentation framework needed for Security Operations? This includes Detection Engineering!
I have created a page to track my notes as I develop a better understanding of Detection Engineering. I am doing my best to be a good librarian and curate authoritative references, frameworks, articles, books, courses, standards, and more. If you want to learn or improve your Detection Engineering practices, I hope this helps expedite your journey!
In Security Operations we frequently have to investigate DNS names and IP addresses to determine whether they are known threats or to attribute them to some activity or owner. This article contains a list of free, trial, or open-source resources for performing address analysis.
Emily and Michael put a printer honeypot on the Internet to see who would attack it and how. It didn't turn out as expected! Our honeypot experiment suggests exposed printers are not a target for cyber-attacks.