Processing IOCs in the StealthWatch System Charles Herring

Threat data contained in Indicators of Compromise (IOC) can be applied against the data stored in StealthWatch to look for markers of historical breach. This entry outlines the steps in performing this analysis.

Spear Phish Detection and Response Charles Herring

The difficulty in controlling user behavior makes spear phishing a "no-brainer" for attackers. Network surveillance can detect the attack at different parts of the kill chain.

Has APT1 Been Eating My Porridge? Charles Herring

NetFlow, when effectively stored, makes a great basis for analyzing indicators of compromise (IOC) like those provided in Mandiant's APT1 report.
