Blog

Filter: threat intel - Clear Filter

New VALHALLA Features That You Might Have Missed

Rule Info Pages The new rule info pages allow you to get more information on a certain rule. You can find all the meta data, as well as past rule matches and previous antivirus verdicts. A second tab contains statistics.  You can also report false positives that...

read more

50 Shades of YARA

A long time ago I've noticed that there is no single best YARA rule for a given sample, but different best solutions depending on the user's requirements and use case. I noticed that I often create 2 to 3 YARA rules for a single sample that I process, while each of...

read more

STIXv2 Support in SPARK

SPARK Version 1.17.0 adds extensive STIXv2 support.This allows you to easily extend SPARK's signature bases with IOCs from any sandbox, analysis or threat intel platforms that support STIXv2 export by placing the exported [cci]*.json[/cci] files in the...

read more
Splunk Threat Intel IOC Integration via Lookups

Splunk Threat Intel IOC Integration via Lookups

Today most security teams have access to a lot of different information sources. On the one hand they collect log data from different sources and try to correlate them in a useful way in so-called SIEM systems. On the other hand they receive threat information from...

read more
GDPR Cookie Consent with Real Cookie Banner