Lesly Merine’s Post

Earlier this year, the threat actor UNC5537 targeted Snowflake customers, using Infostealers to infiltrate Snowflake instances. This campaign raised significant concern across the industry and underscored the urgent need for comprehensive Threat Detection and Incident Response strategies, particularly around data lakes. In response, our team has focused heavily on hunting and investigating Snowflake-related attacks, developing valuable insights and effective threat-hunting techniques to help you detect and respond to these types of intrusions. Check out this in-depth blog post by Alon Klayman and Yagel Yosef for more details!

Helpful guide for CISOs and their teams!

In this follow-on blog post Mauricio Velazco and the Splunk Threat Research Team expand upon my previous blog post with Madeleine Tauber to dive further into what our data means from a functional perspective, and how the STRT team can "provide practical support, and resources to threat hunters" and also provides examples of usecases. #security #threathunting #splunk #threatresearch https://lnkd.in/gSrZau6H

Arm Your Threat Hunters with Self-Service Analytics https://lnkd.in/euWw5jRz This post was originally published here by Sqrrl Team. The new Sqrrl Enterprise 2.8 introduces an enhanced risk framework and powerful new analytic tools to simplify, accelerate, and amplify threat hunting. The new framework empowers analysts to create their own custom-built threat hunting analytics (“risk triggers”) without having to write any code. The extensible framework also now includes triggers which enrich Sqrrl’s built-in analytics by incorporating correlated information from external sources of risk like SIEM alerts and threat intelligence feeds for every user, IP address, host, and domain inside the organization. The enhanced Risk Trigger framework calculates risk scores on every entity […]

Arm Your Threat Hunters with Self-Service Analytics https://lnkd.in/euWw5jRz This post was originally published here by Sqrrl Team. The new Sqrrl Enterprise 2.8 introduces an enhanced risk framework and powerful new analytic tools to simplify, accelerate, and amplify threat hunting. The new framework empowers analysts to create their own custom-built threat hunting analytics (“risk triggers”) without having to write any code. The extensible framework also now includes triggers which enrich Sqrrl’s built-in analytics by incorporating correlated information from external sources of risk like SIEM alerts and threat intelligence feeds for every user, IP address, host, and domain inside the organization. The enhanced Risk Trigger framework calculates risk scores on every entity […]

We have just released our Snowflake threat hunting guide, which contains guidance and queries for detecting abnormal and malicious activity across Snowflake customer database instances. Default retention policies for the relevant views enable threat hunting across the past 1 year (365 days). This guide should help organizations uncover the recent UNC5537 campaign or other discrete security incidents. Direct link to the document: https://lnkd.in/e-GtwqqH

Arm Your Threat Hunters with Self-Service Analytics https://lnkd.in/euWw5jRz This post was originally published here by Sqrrl Team. The new Sqrrl Enterprise 2.8 introduces an enhanced risk framework and powerful new analytic tools to simplify, accelerate, and amplify threat hunting. The new framework empowers analysts to create their own custom-built threat hunting analytics (“risk triggers”) without having to write any code. The extensible framework also now includes triggers which enrich Sqrrl’s built-in analytics by incorporating correlated information from external sources of risk like SIEM alerts and threat intelligence feeds for every user, IP address, host, and domain inside the organization. The enhanced Risk Trigger framework calculates risk scores on every entity […]

CDM Phases and Sqrrl https://lnkd.in/e7-pPpVK This post was originally published here by Ely Kahn. Sqrrl’s Threat Hunting Platform is at the forefront of supporting the Department of Homeland Security’s mission of defending the United States against threats in cyberspace. The Threat Hunting Platform features: Machine learning and graph algorithms to detect kill chain behaviors Sqrrl’s Security Behavior Graph, which leverages link analysis to enable analysts to easily create attack narratives Big Data processing and storage using Hadoop and Apache Accumulo MNGEVT use cases include APT detection, insider threat detection, and malware detection. OMI use cases include alert investigations and incident investigations. Sqrrl’s Threat Hunting Platform […]

CDM Phases and Sqrrl https://lnkd.in/e7-pPpVK This post was originally published here by Ely Kahn. Sqrrl’s Threat Hunting Platform is at the forefront of supporting the Department of Homeland Security’s mission of defending the United States against threats in cyberspace. The Threat Hunting Platform features: Machine learning and graph algorithms to detect kill chain behaviors Sqrrl’s Security Behavior Graph, which leverages link analysis to enable analysts to easily create attack narratives Big Data processing and storage using Hadoop and Apache Accumulo MNGEVT use cases include APT detection, insider threat detection, and malware detection. OMI use cases include alert investigations and incident investigations. Sqrrl’s Threat Hunting Platform […]

CDM Phases and Sqrrl https://lnkd.in/e3ze6fap This post was originally published here by Ely Kahn. Sqrrl’s Threat Hunting Platform is at the forefront of supporting the Department of Homeland Security’s mission of defending the United States against threats in cyberspace. The Threat Hunting Platform features: Machine learning and graph algorithms to detect kill chain behaviors Sqrrl’s Security Behavior Graph, which leverages link analysis to enable analysts to easily create attack narratives Big Data processing and storage using Hadoop and Apache Accumulo MNGEVT use cases include APT detection, insider threat detection, and malware detection. OMI use cases include alert investigations and incident investigations. Sqrrl’s Threat Hunting Platform […]