Anomali Detect

September 20 - 22, 2017


Category: SIEM

Cyber Threat Intelligence SIEM Splunk ThreatStream

Proactively monitor your network against attacks using our FREE Threat Intelligence in Splunk

A few weeks ago I showed how to use the Anomali ThreatStream Splunk App to hunt known actors that had been observed trying to access your environment, and in some cases where they were already inside. For those who are not yet ThreatStream customers, do not fear. Our...


Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform ThreatStream

Malicious Actors Inside Your Network? Here’s How To Find Them.

As an analyst, context is key. With hundreds, often thousands, of security incidents raised by modern SIEM products, triaging the most serious of them can be incredibly difficult. Adding context to the events that form a security incident can help investigations by reducing both time and effort....


Anomali Enterprise Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform

Anomali Reports: Analyse Splunk Events To See If You’ve Been Breached

Anomali Reports analyses your company's IT activity against millions of Indicators of Compromise (IOCs) stored in ThreatStream. Each week a Threat Analysis report is automatically generated for you to review. Reports are delivered via web and email and they highlight the most critical security incidents, alerting you to potential security...


Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform

ThreatStream App for Splunk: Introducing Seamless Integration with Enterprise Security

Splunk continues to lead the way with its powerful big data SIEM capabilities inside its Enterprise Security App. Here at Anomali we were especially excited about one initiative the company introduced last year, Adaptive Response. We liked it so much we partnered with Splunk to give security teams a powerful...


SIEM Splunk Threat Intelligence Platform

The New and Improved Anomali Threatstream Splunk App

Over the past few months I have had the opportunity to talk to so many Anomali customers using our Splunk Commercial App to seamlessly match their data against Threatstream Indicators of Compromise (IOCs). It has been great to see the excitement around the dashboards and insights our app offers that...


Cyber Threat Intelligence Modern Honey Network SIEM Splunk

Splunking The Modern Honey Network: Community Data (Part 4)

Over the last 3 weeks, I’ve looked at: ingesting Modern Honey Network data into Splunk, adding context to MHN data using threat feeds, and creating alerts using MHN data. In this post I am going to give you a brief insight into the data that was reported back from...


Cyber Threat Intelligence Modern Honey Network SIEM Splunk

Splunking The Modern Honey Network: Honeypot Alert Automation (Part 3)

In my last post, I looked at enriching Modern Honey Network events against a threat feed, specifically Anomali ThreatStream IOCs. Enriching events helps filter out false positives — events that pose no real risk to a network. False positives can obviously — and do — waste many...


Cyber Threat Intelligence Modern Honey Network SIEM Splunk

Splunking The Modern Honey Network: Adding Context Using Threat Feeds (Part 2)

Last week, I showed how to ingest Modern Honey Network data into Splunk and visualise it with the MHN Splunk App. Hopefully you’ve been getting lots of additional value on top of the Modern Honey Network web app. I’m sure you’re now ready to...


Cyber Threat Intelligence Modern Honey Network SIEM Splunk

Splunking The Modern Honey Network: Getting Value From Your Honeypots Data (Part 1)

Whilst The Modern Honey Network Server alone is powerful, exporting the data for further manipulation and analysis can be very useful. It is common to see security teams feeding MHN attack data directly into their SIEM for correlation against events generated from other security tools, like...


Cyber Threat Intelligence Malware Research SIEM

Anomali Labs: Evidence of a New Framework POS Campaign

The Anomali Labs research team has come across a new FrameworkPOS campaign that seems to be slowly picking up. Although this campaign is not as big as the former ones found during our initial research, it still gives us clues about how active the actors behind this activity are. Samples observed During...


Cyber Threat Intelligence SIEM Threat Intelligence Platform

Addressing the “last mile” problem for Threat Intelligence data

Over the last several months, ThreatStream has rebranded as Anomali and launched two new products: Anomali Enterprise and Anomali Reports. Today we announced a new C-round of funding for the company, at what is widely known as a time when it is harder to get funding from venture capital firms....


Cyber Threat Intelligence Modern Honey Network SIEM Threat Intelligence Platform

Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open Source Tools

A couple of weeks ago, Nicholas Albright and I from ThreatStream Labs offered a workshop at BSidesLV 2015 on Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open Source Tools. This was a packed class and we ended up having more attendees than the maximum class size. This made teaching the...


Cyber Threat Intelligence Modern Honey Network SIEM

Monitoring Anonymizing Networks (TOR/I2P) for Threat Intelligence

Disclaimer: Due to the prevalence of illegal material, specifically illegal images, we highly recommend only experienced researchers who understand the risks perform research in this area. Regardless of the experience of the investigator, disabling image loading or downloading should be the first step to prevent accidental exposure to this...


Cyber Threat Intelligence Modern Honey Network SIEM

The Blind Spot

In cyber security, ignorance is never blissful. It is downright scary. Many security operations teams have yet to develop an internal threat intelligence strategy and are currently operating with large blind spots when it comes to threats. Let's walk through a simple scenario to help you...


Cyber Threat Intelligence SIEM Threat Intelligence Platform ThreatStream

ThreatStream OPTIC Maltego Integration

ThreatStream LABS is excited to announce the capability for ThreatStream customers to utilize OPTIC's extensive intelligence database from within Paterva's Maltego Data and Link visualization tool using our new Maltego transforms. These transforms allow users to enrich entities and expand on indicators of warning (IOW)...


Cyber Threat Intelligence Modern Honey Network SIEM Threat Intelligence Platform

Introducing ShockPot: The intelligence driven defense against ShellShock

While the security community is still recovering from the Heartbleed exploit disclosed this past April, here comes another game-changing vulnerability: ShellShock. The simple but severe vulnerability lies in one of the most commonly deployed command-line shells and puts millions of systems at risk of local and...


Cyber Threat Intelligence Modern Honey Network SIEM Threat Intelligence Platform

The Security Operations Holy Grail

Responding to a data breach is hard. But understanding how you got there is key to moving an effective defense towards reality. In security operations centers (SOC), it's often said you have to crawl before you walk. Most enterprise firms are just now capable of walking. To us,...


Cyber Threat Intelligence Modern Honey Network SIEM Threat Intelligence Platform

Latest Security Trends - Blackhat, Defcon and B-Sides wrap-up

Blackhat, Defcon and B-Sides wrap-up. How are we advancing security? As the annual conferences have come to a wrap, there are some exciting trends coming out of the industry's biggest annual events. Some of the key take-aways align directly with the vision and products of ThreatStream so...


Cyber Threat Intelligence SIEM

Create an Army of Raspberry Pi Honeypots on a Budget

Hi! My name is Nathan Yee and I’m an intern at ThreatStream. I’m studying computer science and mathematics at the University of Arizona. Most recently, I worked on deploying a Raspberry Pi as a Dionaea honeypot for the recently announced Modern Honey Network project. Why Internal...


Cyber Threat Intelligence Modern Honey Network SIEM Threat Intelligence Platform

Modern Honey Network

Today we are excited to announce the Modern Honey Network (MHN). MHN is an enterprise-ready honeypot management system which enables organizations to create a fully functional active-defense network in minutes. Honeypots have not received wide adoption as an enterprise defense largely because deployment and management have been a...

