• Manually Import CrowdStrike Falcon Events to Splunk

    Do you use CrowdStrike Event Search heavily? Do you run up against the 7-day data retention limit? Do you want to keep some data longer and still be able to search it? This article explains how to manually export events from CrowdStrike Falcon Event Search and then import them into Splunk for correlation, preservation, or further analysis.
  • Documentation for Detection Engineering

    Did you know that the MITRE book [11 Strategies of a World-Class Cybersecurity Operations Center](https://www.mitre.org/news-insights/publication/11-strategies-world-class-cybersecurity-operations-center) has appendices outlining the documentation framework needed for Security Operations? This includes Detection Engineering!
  • Detection Engineering Notes Update

    I have created a page to track my notes as I develop a better understanding of Detection Engineering. I am doing my best to be a good librarian and curate authoritative references, frameworks, articles, books, courses, standards, and more. If you want to learn or improve your Detection Engineering practices, I hope this helps expedite your journey!
  • Investigating DNS and IP Addresses

    In Security Operations we frequently have to investigate DNS names and IP addresses to determine whether they are a known threat, or to attribute them to some activity or owner. This article contains a list of free, trial, or open-source resources for performing address analysis.
  • Do attackers really attack printers?

    Emily and Michael put a printer honeypot on the Internet to see who would attack it and how. It didn't turn out as expected! Our honeypot experiment suggests exposed printers are not a target for cyber-attacks.