For a new project I had to foresee an SMTP relay server that supported client authentication. I love the simplicity of Postfix but setting it up with client authentication required more than just ‘a push of a button’. Below are some -unstructured- notes on how to achieve this.
The client authentication in Postfix is handled by Cyrus SASL. The Simple Authentication and Security Layer or SASL is a specification that describes how authentication mechanisms can … Read more.
I published an article on the IBM Security Intelligence blog : Health Care Ransomware Strains Have Hospitals in the Crosshairs. This article covers ways on how hospitals and other facilities can against health care ransomware attacks. Two strains stand out in recent health care ransomware attacks: Ryuk and REvil. Although they are distinct when it comes to details, they also have some common elements.
Read more Health Care Ransomware Strains Have Hospitals in the Crosshairs
For a recent MISP installation I had to debug the reason why certain events were not pushed to a remote server. First a bit of context
Both servers run the same version of MISP (a fairly recent version); Events are pushed from server A to server B. The synchronisation user used on server A existed on server B and had sufficient permissions; The server synchronisation was configured to push events if they were considered complete … Read more.
I published an article on the IBM Security Intelligence blog : Combating Sleeper Threats With MTTD. The article covers mean time to detect (MTTD) and mean time to response (MTTR).
I cover some of the options available to reduce the MTTD, what elements can be used to define baselines and how to improve security monitoring and maturity by improving the MTTD.
The MISP API provides an easy way for interacting with MISP. In most cases you’ll do this via scripting or from external applications. Sometimes it can however be interesting to use the API to do some simple queries via Python on your threat data.
First start Python from the virtual environment.
Then load the libraries and set some variables.
Now you can use the misp variable to interact with MISP.
For example to … Read more.
MISP correlations are a way to find relationships between attributes and indicators from malware or attacks campaigns. Correlation support analysts in detecting clusters of similar activities and pivot from one event to another.
When the volume of data in your MISP instance grows, the number of correlations can however explode and make your system less responsive. I cover some approaches that you can use to stay in control.
Correlation basically is a way for … Read more.
I published an article on the blog of the MISP project on how to create your own custom object: Creating a MISP Object, 101. This is a follow-up to a previous post on how to create your own MISP galaxy or MISP cluster (Creating a MISP Galaxy, 101).
I published an article on the IBM Security Intelligence blog : Cyber Resilience Strategy Changes You Should Know in the EU’s Digital Decade. The article describes the new EU Cybersecurity Strategy and one the proposal for a revised Directive on Security of Network and Information Systems
The EU Commission attempts to improve cyber resilience with the NIS2 Directive and provides an overview of cyber resilience challenges for 5G and IoT. Other topics discussed include … Read more.
In this post I go through the process of representing threat data from MISP in Elastic. The goal is to push attributes from MISP to Elastic and have a representation with a couple of pretty graphs. This is an alternative approach to using the MISP dashboard (and MISP-Dashboard, real-time visualization of MISP events).
The Filebeat component of Elastic contains a MISP module. This module queries the MISP REST API for recently published event and attribute … Read more.
I published an article on the IBM Security Intelligence blog : Cybersecurity Ethics: Establishing a Code for Your SOC. The article describes the dilemmas you can face when working in a SOC or doing incident response work.
The articles describes Cybersecurity Ethics Guidance Frameworks, Best Practices and a Practical Approach for Cybersecurity Ethics, including a set of commandments to adhere. For example
Do not use a computer to harm other people. Protect society and … Read more.
Graphs made with cudeso posts stats
By continuing to use the site, you agree to the use of cookies. more information
An HTTP cookie, is a small piece of text sent from a website and stored in your web browser. Cookies are a reliable mechanism for websites to remember your preferences and improve your browsing experience.
If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.