Threat Hunting
Threat Hunting Rule Extraction and Use Cases
TL;DR: You can now extract IOCs and behavioral indicators to a hunting rule format for your endpoint security system. This enables you...
Detection Rules for Lightning Framework (and How to Make Them With Osquery)
On July 21, 2022, we released a blog post about a new malware called Lightning Framework. Lightning is a modular malware framework...
Stay Ahead of the Latest Threats with Threat Family Tracking
TL;DR: You can now subscribe to threat actors/malware families in Intezer and receive notifications for new IoCs and detection opportunities. Staying...
SOC Level Up: Threat Hunting and Detection With Sigma
Sigma is a universal markup language for analyzing logs, which you can use to write threat hunting and detection rules for evolving...
How to Write YARA Rules That Minimize False Positives
Generate Advanced YARA Rules Based on Code Reuse. Incorporating YARA into daily security operations can accelerate incident response time, classify malware, empower...
SOC Level Up: Introduction to Sigma Rules
Sigma rules are catching on more and more for SOC teams, as a way to write one rule that can be used...
Scale Incident Response with Detection Engineering: Intezer Detect & Hunt
Adversaries are highly motivated, constantly expanding and improving their tools and techniques. On the other side of the fight, security teams are...
Detection Rules for Sysjoker (and How to Make Them With Osquery)
On January 11, 2022, we released a blog post on a new malware called SysJoker. SysJoker is a malware targeting Windows, macOS,...
Proactive Threat Hunting with Intezer
What is Proactive Hunting? Advanced attacks like the SolarWinds backdoor and Pay2KEY are on the rise, while preventive solutions have failed to detect them....
TrickBot or Treat 2.0
In the spirit of Halloween we’re giving away YARA signatures for TrickBot and Emotet. Last year we handed out signatures for malware...