One of the main goals of Sigma as a project and Sigma rules specifically has always been to reduce the gap that existed in the detection rules space. As maintainers of the Sigma rule repository we're always striving for reducing that gap and making robust and...
Private Sigma Rule Feed in Valhalla and Partnership with SOC Prime
We are proud to announce the integration of our private Sigma rule set in Valhalla. This rule set is used in our scanner THOR and endpoint agent Aurora. The rule set currently contains more than 250 quality-tested and generic rules written by Nextron's detection...
Antivirus Event Analysis Cheat Sheet v1.12.0
We've updated our Antivirus Event Analysis Cheat Sheet to version 1.12.0. It includes updates in several sections: new signatures for PUA like FRP and Adfind; signature strings have been sorted alphabetically (not shown in the screenshot below). You can download the new...
Antivirus Event Analysis Cheat Sheet v1.10.0
We've updated our Antivirus Event Analysis Cheat Sheet to version 1.10.0. It includes updates in several sections: special identifiers added for Sliver and Brute Ratel C4 framework implants; many new tags for Virustotal assessments. You can download the new version here....
Aurora Lite Agent v1.0 Release
After almost half a year of development, we are pleased to announce the release of our free version of the Aurora Agent named Aurora Lite. The Aurora agent is a Sigma-based endpoint agent that offers maximum transparency, flexibility, and confidentiality. It doesn't...
Antivirus Event Analysis Cheat Sheet v1.9.0
We've updated our Antivirus Event Analysis Cheat Sheet to version 1.9.0. It includes updates in almost all sections: special indicators added for all kinds of Microsoft Exchange exploitation activity (ProxyLogon, ProxyShell etc.); Ransomware indicators moved to highly...
Aurora – Sigma-Based EDR Agent – Preview
The following recorded video session includes information about our new Sigma-based EDR agent called "Aurora" and the free "Aurora Lite". It's a preview of the agent with information on its features, limits, advantages and a live demo. The release is scheduled for...
Monero Mining Pool FQDNs
Malware that deploys crypto mining software has become more and more popular and annoying. It's not always possible to scan every device in your network with our free or commercial compromise assessment scanners. The good news is that the mining pools for the most...
Antivirus Event Analysis Cheat Sheet v1.8.2
The analysis of Antivirus events can be a tedious task in big organizations with hundreds of events per day. Usually security teams fall back to a mode of operation in which they only analyze events in which a cleanup process has failed or something went wrong. This...
Antivirus Event Analysis Cheat Sheet v1.8
Download the Antivirus Event Analysis Cheat Sheet version 1.8.1 here.
Web Proxy Event Analysis Cheat Sheet
The "Web Proxy Event Analysis Cheat Sheet" can help SOCs and security analysts classify proxy events (blocks, alerts) and is based on my ideas and many ideas from experts who helped me collect detection ideas for this document. You can download version 1.0 here. We...
Antivirus Event Analysis Cheat Sheet v1.7
We've just released an updated version of our Antivirus Event Analysis cheat sheet. You can download version 1.7 here. The major changes are: updated AV signature lists; split AV signature cells into two columns to save space; fixed and added some directory names; extended...