eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.

#AnomalyDetection


Hey Hey People,

DA Here.

Do you have a Suricata sensor in your network?

Do you use Suricata as a part of a sandbox that you run?

Have you been hammering away at finding evil, and want to find more?

I'm doing a webinar courtesy of OISF this Thursday. 3PM UTC, which translates to 10am EST.

I'll be talking about two things during this meeting: One, is making good use of the ET INFO rule category as an early warning system.

Sure, there is a lot of noise to sift out of ET INFO, and for that reason, some choose to just cut it entirely. I'm here to show you how to grab the stuff we've seen in our sandboxes that can help to lead anomaly detection.

In the second part of this talk, I will talk about how you can convert network and system-specific artifacts into a set of Honeytoken-like IDS rules that again, can lead to anomaly detection, and perhaps even catching advanced or unidentified threats.

Here is a link to register for the meeting: us02web.zoom.us/webinar/regist

Zoom: Welcome! You are invited to join a webinar: Honeytoken IDS rules and ET INFO Rules for Anomaly Detection with Tony Robinson. After registering, you will receive a confirmation email about joining the webinar.

This talk is going to be a double header, focusing on ways to spot anomalous activity for threats that may or may not have specific signatures. First, Tony will discuss the value the ET INFO rule category can provide in spotting some of this anomalous activity. He'll discuss the rules to use that provide value in spotting unusual activity, and how attendees can customize the ET INFO rule category to better suit their needs. The second part of this talk will show attendees how to use system-specific artifacts to create IDS rules that can detect exfiltration of this data, for detecting anomalous activity. He'll also discuss using CyberChef to transform and encode this data in various ways to create rules to detect obfuscation methods attackers use when exfiltrating this information. If there is time, Tony will talk about collaboration he has done with the maintainers of the Secureworks Dalton project that might make development of rules like this much easier.
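The second half of the talk, turning a system-specific artifact into honeytoken-style IDS rules that also catch encoded forms, as an added example (my code, not the author's material or anything from OISF or the Dalton project). It assumes a constructed internal hostname WORKSTATION-07, a hypothetical local sid range starting at 9000000, and Suricata's content-keyword syntax; it goes beyond the post by choosing a concrete set of encodings (raw, hex text, UTF-16LE and base64) and by handling the base64 edge case where the artifact's encoding depends on its byte offset in the stream.

```python
"""Honeytoken-style Suricata rules for a host-specific artifact.

Added example, not code from the post or from OISF: given an artifact that
should never appear in outbound traffic, emit one rule per encoding an
exfiltration channel might apply to it (raw, hex text, UTF-16LE and the
three base64 alignments). Rule syntax follows Suricata's content keyword;
the hostname and the sid range are constructed for this example.
"""
import base64
import string

ARTIFACT = b"WORKSTATION-07"   # constructed internal hostname
SID_BASE = 9_000_000           # hypothetical local-use sid range

_PRINTABLE = set(bytes(string.ascii_letters + string.digits + string.punctuation + " ", "ascii"))
_ESCAPE = {ord('"'): '\\"', ord(";"): "\\;", ord("\\"): "\\\\", ord("|"): "\\|"}


def suricata_content(data: bytes) -> str:
    """Render bytes as a Suricata content match: printable text kept as text
    (the four reserved characters escaped), everything else as |hex| runs."""
    out, hexrun = [], []

    def flush():
        if hexrun:
            out.append("|" + " ".join(f"{b:02x}" for b in hexrun) + "|")
            hexrun.clear()

    for b in data:
        if b in _PRINTABLE:
            flush()
            out.append(_ESCAPE.get(b, chr(b)))
        else:
            hexrun.append(b)
    flush()
    return "".join(out)


def base64_alignments(data: bytes) -> list[str]:
    """Base64 substrings that match `data` at any byte offset of a stream.

    The encoding of a substring depends on its offset modulo 3, so encode
    with 0, 1 and 2 filler bytes in front and trim the characters that also
    depend on the unknown neighbouring bytes (the same trick YARA's base64
    string modifier uses). Needs at least 3 bytes to leave anything stable."""
    if len(data) < 3:
        raise ValueError("artifact too short for alignment-independent base64")
    variants = []
    for k in range(3):
        enc = base64.b64encode(b"\x00" * k + data).decode("ascii")
        head = (0, 2, 3)[k]                     # chars tainted by the filler
        tail = (0, 3, 2)[(k + len(data)) % 3]   # chars tainted by padding
        variants.append(enc[head:len(enc) - tail])
    return sorted(set(variants))


def encodings(artifact: bytes) -> list[tuple[str, bytes, bool]]:
    """(label, bytes to match, case-insensitive?) for each carried form."""
    forms = [
        ("plain", artifact, True),
        ("hex", artifact.hex().encode("ascii"), True),
        ("utf16le", artifact.decode("ascii").encode("utf-16-le"), False),
    ]
    forms += [(f"base64-{i}", v.encode("ascii"), False)
              for i, v in enumerate(base64_alignments(artifact))]
    return forms


def build_rules(artifact: bytes = ARTIFACT, sid_base: int = SID_BASE) -> list[str]:
    """One outbound alert rule per encoding, sids allocated sequentially."""
    rules = []
    for n, (label, needle, nocase) in enumerate(encodings(artifact)):
        opts = [f'msg:"HONEYTOKEN {suricata_content(artifact)} ({label}) leaving HOME_NET"',
                "flow:established,to_server",
                f'content:"{suricata_content(needle)}"']
        if nocase:
            opts.append("nocase")
        opts += ["classtype:policy-violation", f"sid:{sid_base + n}", "rev:1"]
        rules.append(f"alert tcp $HOME_NET any -> $EXTERNAL_NET any ({'; '.join(opts)};)")
    return rules


def matches_any_form(artifact: bytes, payload: bytes) -> bool:
    """Offline stand-in for the content matches: does any rule's needle occur
    in `payload`? Used to check the rule set against the samples below."""
    for _, needle, nocase in encodings(artifact):
        hit = needle.lower() in payload.lower() if nocase else needle in payload
        if hit:
            return True
    return False


# Constructed payloads, one per encoding, as an exfil channel might carry them.
SAMPLE_PAYLOADS = {
    "plain": b"GET /beacon?h=WORKSTATION-07 HTTP/1.1\r\n",
    "hex": b"id=" + ARTIFACT.hex().upper().encode("ascii"),
    "utf16le": b"name=" + ARTIFACT.decode("ascii").encode("utf-16-le"),
    "base64": b"d=" + base64.b64encode(b"x" + ARTIFACT + b"|done"),
}

if __name__ == "__main__":
    for rule in build_rules():
        print(rule)
    print({k: matches_any_form(ARTIFACT, v) for k, v in SAMPLE_PAYLOADS.items()})
```

The base64 rules are deliberately case-sensitive and there are three of them: a single `content` on `base64.b64encode(ARTIFACT)` only fires when the artifact happens to start on a 3-byte boundary of whatever the attacker encoded, which is the gap the alignment trick closes. The rules are written for TCP client-to-server traffic; a DNS-tunnel variant would need the udp protocol and the dns sticky buffers instead, and any production sid values should come from your own reserved range rather than the placeholder used here.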

I am a #SoftwareEngineer and an #AI #researcher living in a #polyamorous relationship in #Benalmádena, #Málaga, #Spain. I mainly post #InternationalNews and #technology.

I have authored 16+ #patents, and I am doing research on #Industrial #AnomalyDetection using #DifferentiableComputing and #DeepLearning.

I hack with #SDR and I have a #FlipperZero.

I have programmed computers since I was 6 years old and they generally do what I tell them to.

#introduction, #introductions

In the early 2000s, #SvenHenkel and myself developed an #IDMEF/#IDXP compliant security event message pipelining framework for collecting and consolidating log messages, e.g., from network #IDS and #EDR products.

In the message stream, we were able to match multi-stage #correlation #DetectionRules in near real-time (in-memory), before everything was stored in a central database. Structural graph-based #AnomalyDetection was developed later by some colleagues.

We called it #MetaIDS.