Since we've heard from partners and friends about many non-profit organisations affected by the Exchange server vulnerability, we've decided to transfer many detection rules from our commercial scanner into the free community version. If you haven't heard of THOR or...
Detection Coverage of HAFNIUM Activity Reported by Microsoft and Volexity
Microsoft as well as Volexity pubslihed reports on activity of an actor named HAFNIUM by Microsoft exploiting at least four zero-day vulnerabilities in Microsoft Exchange services. In this blog post we would like to outline the coverage provided by THOR regarding...
STIXv2 Support in SPARK
SPARK Version 1.17.0 adds extensive STIXv2 support.This allows you to easily extend SPARK's signature bases with IOCs from any sandbox, analysis or threat intel platforms that support STIXv2 export by placing the exported [cci]*.json[/cci] files in the...
Splunk Threat Intel IOC Integration via Lookups
Today most security teams have access to a lot of different information sources. On the one hand they collect log data from different sources and try to correlate them in a useful way in so-called SIEM systems. On the other hand they receive threat information from...