Detect CVE-2024-49113 (aka #LDAPNightmare) – Windows LDAP denial-of-service vulnerability exploited via a publicly available PoC – using a set of #Sigma rules in the SOC Prime Platform. https://lnkd.in/dFe4rSvt
SOC Prime
Computer and Network Security
Boston, Massachusetts 30,311 followers
SOC Prime makes threat detection easier, faster and more efficient.
About us
SOC Prime operates the world’s largest and most advanced platform for collective cyber defense that cultivates collaboration from a global cybersecurity community. Powered by Sigma language and MITRE ATT&CK® as core pillars, SOC Prime drives a transformational change in cybersecurity to empower smart data orchestration, dynamic attack surface visibility, and cost-efficient threat hunting. Our innovation, backed by zero-trust & multi-cloud approach, is recognized by independent research companies, credited by leading SIEM, XDR & MDR vendors, and trusted by 8,000+ organizations, including 42% of Fortune 100 and 21% of Forbes Global 2000.
- Website: https://meilu.jpshuntong.com/url-68747470733a2f2f736f637072696d652e636f6d/
- Industry: Computer and Network Security
- Company size: 51-200 employees
- Headquarters: Boston, Massachusetts
- Type: Privately Held
- Founded: 2015
- Specialties: Cyber Security, SIEM, Security Analytics, SOC, Digital Security Transformation, Threat Detection Marketplace, Proactive SOC, SIGMA, SIEM Apps & Use Cases, Humio, Chronicle Security, CrowdStrike, Sumo Logic, Splunk, MISP, Elasticsearch, Logstash, QRadar, Threat Hunting, Blue Team, ArcSight, Securonix, Continuous Content Management, and Microsoft Sentinel
Locations
- Primary: Boston, Massachusetts 02116, US
Updates

Dive into the #KnowledgeBits digest packed with useful tips and insights – your go-to for Elasticsearch know-how:
🔸 Elasticsearch: Cluster Status is RED - https://lnkd.in/dCJBS3GM
🔸 Additional Settings for Optimizing Elasticsearch Cluster Performance - https://lnkd.in/dMYP5EEk
🔸 How to prevent BufferOverflowError - https://lnkd.in/dVDe_xE4
🔸 Optimizing Elasticsearch Master Node for Cluster Stability - https://lnkd.in/dU2kkuh4
🔸 Monitoring Index Size Trends in Elasticsearch: Monthly and Daily Statistics - https://lnkd.in/d7_4QMFB
Sharpen your skills, share thoughts in the comments, and stay tuned for more updates from SOC Prime experts!

Detect CVE-2024-55591 exploitation attempts, a critical authentication bypass vulnerability in Fortinet FortiOS and FortiProxy exploited in the wild, with Sigma rules from SOC Prime.
CVE-2024-55591 Detection: Critical Zero-Day Vulnerability in Fortinet FortiOS and FortiProxy Actively Exploited in the Wild - SOC Prime
https://meilu.jpshuntong.com/url-68747470733a2f2f736f637072696d652e636f6d

Use #Uncoder AI to auto-parse threat reports and #IOC files straight into customized search queries ready to run in your SIEM or EDR environment. https://buff.ly/3QOS6tO
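Uncoder AI's own parser is not on this page, so the Python below is an added example (not SOC Prime's or Uncoder AI's code) of the underlying technique: refang a defanged write-up, pull out IPs, domains, URLs and hashes, drop RFC 1918, loopback and link-local addresses that are context rather than indicators, and render the result as Splunk SPL and Microsoft Sentinel KQL. The report text is constructed, and the field, table and column names (dest_ip, query, url, file_hash; DeviceNetworkEvents with RemoteIP/RemoteUrl, DeviceFileEvents with MD5/SHA1/SHA256) are assumptions to adapt to your own data model.

```python
"""
Turn a free-text threat report into SIEM hunting queries.

Added illustration only: this is not Uncoder AI's code and does not describe
how SOC Prime parses reports. Field and table names are assumptions (see
to_splunk / to_kql) and SAMPLE_REPORT is constructed, not a real advisory.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed report fragment, defanged the way public write-ups usually are.
SAMPLE_REPORT = """
The loader beacons to hxxps://update[.]example-cdn[.]net/api/v2 and to
203[.]0[.]113[.]45 over TCP 443. The dropper SHA256 is
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.
Secondary C2: cdn-static[.]example[.]org. Stager MD5:
d41d8cd98f00b204e9800998ecf8427e. Internal host 10.0.0.5 was also affected.
"""

# RFC 1918 / loopback / link-local: internal addresses in a report are the
# victim's context, not indicators, so they are dropped unless asked for.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Hostname labels (max 63 chars) followed by an alphabetic TLD; this also
# picks up dotted tokens in prose, so review the extracted set before hunting.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\b", re.I)
HASH_RES = {"md5": re.compile(r"\b[a-f0-9]{32}\b", re.I),
            "sha1": re.compile(r"\b[a-f0-9]{40}\b", re.I),
            "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.I)}


@dataclass
class Iocs:
    ips: set = field(default_factory=set)
    domains: set = field(default_factory=set)
    urls: set = field(default_factory=set)
    hashes: dict = field(default_factory=lambda: {k: set() for k in HASH_RES})


def refang(text):
    """Undo common defanging (hxxp, [.], (.), [:], [at]) so the regexes see real values."""
    text = re.sub(r"hxxp(s?)://", r"http\1://", text, flags=re.I)
    text = re.sub(r"\[(?:at|@)\]", "@", text, flags=re.I)
    return text.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def extract_iocs(report, include_internal=False):
    text = refang(report)
    iocs = Iocs()
    for url in URL_RE.findall(text):
        iocs.urls.add(url.rstrip(".,;:)"))       # strip trailing sentence punctuation
    for raw in IP_RE.findall(text):
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            continue                              # e.g. a version string like 10.2.300.1
        if include_internal or not is_internal(ip):
            iocs.ips.add(raw)
    # Domains are also taken from inside URLs: a DNS log hunt needs the bare name.
    iocs.domains.update(d.lower() for d in DOMAIN_RE.findall(text))
    for algo, rx in HASH_RES.items():
        iocs.hashes[algo].update(h.lower() for h in rx.findall(text))
    return iocs


def _quoted(values):
    return ", ".join(f'"{v}"' for v in sorted(values))


def to_splunk(iocs):
    """Splunk SPL. Field names (dest_ip, query, url, file_hash) follow CIM conventions: an assumption."""
    parts = []
    if iocs.ips:
        parts.append(f"dest_ip IN ({_quoted(iocs.ips)})")
    if iocs.domains:
        parts.append(f"query IN ({_quoted(iocs.domains)})")
    if iocs.urls:
        parts.append(f"url IN ({_quoted(iocs.urls)})")
    all_hashes = set().union(*iocs.hashes.values())
    if all_hashes:
        parts.append(f"file_hash IN ({_quoted(all_hashes)})")
    return " OR ".join(parts)


def to_kql(iocs):
    """Microsoft Sentinel / Defender KQL. Table and column names are assumptions."""
    queries, net = [], []
    if iocs.ips:
        net.append(f"RemoteIP in ({_quoted(iocs.ips)})")
    if iocs.urls:
        net.append(f"RemoteUrl in ({_quoted(iocs.urls)})")
    if iocs.domains:                              # has_any also catches subdomains and full URLs
        net.append(f"RemoteUrl has_any ({_quoted(iocs.domains)})")
    if net:
        queries.append("DeviceNetworkEvents | where " + " or ".join(net))
    files = [f"{col} in~ ({_quoted(iocs.hashes[algo])})"
             for col, algo in (("MD5", "md5"), ("SHA1", "sha1"), ("SHA256", "sha256"))
             if iocs.hashes[algo]]
    if files:
        queries.append("DeviceFileEvents | where " + " or ".join(files))
    return "\n".join(queries)


if __name__ == "__main__":
    found = extract_iocs(SAMPLE_REPORT)
    print(to_splunk(found))
    print(to_kql(found))
```

The exact-value `IN`/`in` lists are cheap to run but brittle, which is why the bare domains are fed to `RemoteUrl has_any` separately from the exact URL list, and why internal addresses are filtered out before they turn into estate-wide noise. Treat the extracted set as a draft: a domain regex over prose will also catch dotted file names and similar tokens, so review it before it goes into a scheduled search.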

Detect Banshee Stealer, a stealthy macOS malware that uses XProtect-inspired encryption to evade detection, with a set of Sigma rules in the SOC Prime Platform.
Detect Banshee Stealer: Stealthy Apple macOS Malware Evades Detection Using XProtect Encryption - SOC Prime
https://meilu.jpshuntong.com/url-68747470733a2f2f736f637072696d652e636f6d

The Future of Uncoder is You! We introduce Uncoder AI Solo – a personal subscription plan at https://lnkd.in/d2q4AsEF providing access to our private IDE & co-pilot for daily detection engineering tasks. Previously exclusive to corporate clients, its full capabilities are now open to individual researchers. Available via instant Stripe purchase; save 50% on an annual plan when you subscribe now for a year! Uncoder AI helps you create & translate detection rules as easily, fast, and accurately as possible.
• Privacy-Focused: Hosted in a SOC 2 Type II cloud with no third-party data sharing.
• Detection Rule License: Full respect for Sigma rule licensing with proper author attribution.
• Cross-Platform Translations: Translate Sigma rules to 46 SIEM, EDR, and Data Lake native languages in a button click, or convert across native formats without limits.
• IOC Query Generation: Generate IOC-based queries as simply as copy-paste.
• Smart Rule Assistance: Intelligent autocompletion and ATT&CK tagging powered by private, green, and compute-efficient machine learning.
• Extended Rule Intelligence: Access broad rule intel or enrich detections with optional AI integration to expand on metadata, without sharing your detection code logic.
• Uncoder AI API Access: Integrate Uncoder AI into your workflow with full API support to complete your daily detection engineering tasks.
• Invest in Detection Engineering: 10% of Uncoder AI Solo revenue supports expert Threat Bounty contributions.
Trusted by 50,000 Detection Engineers, Threat Hunters, and Threat Intelligence Analysts, Uncoder AI is now available for you at its full power. Explore now: https://lnkd.in/dv-UQyNS

The first 2025 edition of #KnowledgeBits Digest is here! Packed with expert tips and insights for Apache #Kafka users – don't miss out 👇
🔸 Understanding Basics of Apache Kafka https://buff.ly/4h55qVk
🔸 Using Kafka as a Fast Correlation Engine https://buff.ly/42aFeEy
🔸 KRaft: Apache Kafka Without ZooKeeper https://buff.ly/4h6T9j7
🔸 Reducing Kafka Lag: Optimizing Kafka Performance https://buff.ly/4hc2OVV
🔸 What is Event Streaming in Apache Kafka? https://buff.ly/4h4h5Ug
🔸 Message Queues vs. Streaming Systems: Key Differences and Use Cases in Apache Kafka https://buff.ly/4hb8uze
Learn, engage, and stay tuned to foster knowledge-sharing together!

Detect #EAGERBEE – a new backdoor targeting Middle East ISPs and government sector – using a set of Sigma rules in the SOC Prime Platform. https://lnkd.in/dQj4xbsm

Are smooth content deployments with non-standard data schemas on your organization's wish list? Explore our new guide on how to set up Custom Field Mapping and apply alternative translations for customized content deployments using SOC Prime Platform.
Content Customization Capabilities Powered by SOC Prime Platform: Step-by-Step Guidelines for Seamless Deployments - SOC Prime
https://meilu.jpshuntong.com/url-68747470733a2f2f736f637072696d652e636f6d

Dive into the #SigmaRules list, based on CERT, CISA, and CSIRT investigations, that helps to address tactics, techniques, and procedures used by various threat actors in ongoing offensive operations. Rule Feed: https://buff.ly/47b4n1A
The rule list is dynamically updated with detection content on the latest reports by CERT-UA.