Blog

Category: SIEM

Anomali Labs: Evidence of a New Framework POS Campaign

The Anomali Labs research team has come across a new FrameworkPOS campaign that appears to be slowly picking up. Although this campaign is not as large as the earlier ones identified during our initial research, it still gives us clues about how active the actors behind this activity are. Samples observed During...

Read More

Addressing the “last mile” problem for Threat Intelligence data

Over the last several months, ThreatStream has rebranded as Anomali and launched two new products, Anomali Enterprise and Anomali Reports. Today we announced a new C round of funding for the company, at a time when it is widely understood to be harder to raise money from venture capital firms...

Read More

Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open Source Tools

A couple of weeks ago, Nicholas Albright and I from ThreatStream Labs offered a workshop at BSidesLV 2015 on Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open Source Tools. This was a packed class, and we ended up having more attendees than the maximum class size. This made teaching the...

Read More

Monitoring Anonymizing Networks (TOR/I2P) for Threat Intelligence

Disclaimer: Due to the prevalence of illegal material, specifically illegal images, we highly recommend that only experienced researchers who understand the risks perform research in this area. Regardless of the investigator's experience, disabling image loading and downloading should be the first step to prevent accidental exposure to this...

Read More

The Blind Spot

In cyber security, ignorance is never blissful. It is downright scary. Many security operations teams have yet to develop an internal threat intelligence strategy and are currently operating with large blind spots when it comes to threats. Let's walk through a simple scenario to help you...

Read More

ThreatStream OPTIC Maltego Integration

ThreatStream LABS is excited to announce the capability for ThreatStream customers to utilize OPTIC's extensive intelligence database from within Paterva's Maltego data and link visualization tool using our new Maltego transforms. These transforms allow users to enrich entities and expand on indicators of warning (IOW)...

Read More

Introducing ShockPot: The intelligence driven defense against ShellShock

While the security community is still recovering from the Heartbleed vulnerability disclosed this past April, here comes another game-changing vulnerability: ShellShock. This simple but severe vulnerability affects Bash, one of the most widely deployed command-line shells, and puts millions of systems at risk of local and...

Read More

The Security Operations Holy Grail

Responding to a data breach is hard. But understanding how you got there is key to turning an effective defense into reality. In security operations centers (SOCs), it's often said you have to crawl before you walk. Most enterprise firms are only now capable of walking. To us,...

Read More

Latest Security Trends - Blackhat, Defcon and B-Sides wrap-up

How are we advancing security? As the annual conferences have come to a wrap, there are some exciting trends emerging from the industry's most prominent annual gatherings. Some of the key takeaways align directly with the vision and products of...

Read More

Create an Army of Raspberry Pi Honeypots on a Budget

Hi! My name is Nathan Yee and I’m an intern at ThreatStream. I’m studying computer science and mathematics at the University of Arizona. Most recently, I worked on deploying a Raspberry Pi as a Dionaea honeypot for the recently announced Modern Honey Network project. Why Internal...

Read More