External attacks are more sophisticated and numerous than ever before. Too much data, too many alerts, too much noise. Security Operations Analysts can now have OpenText be their threat hunting assistant – sifting through millions of events per day to find the needle in the haystack of suspicious activities by applying advanced behavioral analytics and pulling in the knowledge base of the MITRE ATT&CK framework. Learn more about how to prevent Insider Threats today in this live demo from #OpenTextWorld for OpenText Threat Detection & Response: https://lnkd.in/eu3CpgQs
OpenText’s Post
More Relevant Posts
-
Cyber threats are becoming more sophisticated and relentless. Organizations need smarter, faster solutions to stay ahead. OpenText Threat Detection & Response leverages advanced behavioral analytics and the MITRE ATT&CK framework to cut through the noise, identifying threats before they become critical. This is the future of proactive threat management. Check out this live demo from #OpenTextWorld to see it in action:
OpenText World 2024 Demo – Threat and Detection Response
https://www.youtube.com/
-
Cyber threats are evolving rapidly, with billions of records and incidents demanding swift and intelligent responses. Overwhelmed by alerts and data noise? OpenText empowers Security Operations Analysts with cutting-edge tools, leveraging machine learning and built-in algorithms to cut through the chaos. With advanced behavioral analytics and the power of XDR, analysts can uncover hidden threats across endpoints, networks, and applications. Integrating the MITRE ATT&CK framework and supporting proactive incident response, OpenText transforms threat hunting into precision detection. At OpenText World Las Vegas, we announced updates to OpenText Threat Detection & Response. These enhancements include improved real-time correlation capabilities, expanded support for cloud-native environments, and AI-driven recommendations for incident response prioritization. The latest release introduces seamless integration with OpenText’s security ecosystem, enabling faster deployment and enriched insights. Discover how the latest innovations in OpenText Threat Detection & Response empower organizations to outpace evolving cyber threats and safeguard against both insider and external attacks. Watch the Demo here --> https://lnkd.in/d9_wF8zz
OpenText World 2024 Demo – Threat and Detection Response
https://www.youtube.com/
-
3 AM; Just wrapped up an exciting project where I set up a home SIEM lab using Elastic and a Kali VM! I have written a Medium Post about it as well if anyone else wants to try it themselves!
Key Takes:
1) Forwarded data using the Elastic Beats agent
2) Generated security events with Nmap
3) Queried and analyzed logs through the Elastic web interface
4) Built a dashboard to visualize security events
5) Created alerts for real-time threat detection
This hands-on experience has been invaluable for sharpening my security monitoring and incident response skills. A big thank you to Sandra L. for sharing the idea!
#Cybersecurity #SIEM #ElasticStack #InfoSec #ThreatDetection #IncidentResponse #KaliLinux #SecurityMonitoring
-
Just finished "SIEM: Event Management with Splunk Security" by Nato Riley! Check it out: https://lnkd.in/eMYbzE94 #securityincidenteventmanagement. Keep on adapting, knowledge is power and understand what you want #careergrowth #careerdevelopment
Certificate of Completion
linkedin.com
-
🚀 Diving Deep into SIEM Solutions: A Hands-On Experience with QRadar 🌐
In today’s evolving threat landscape, effective Security Information and Event Management (SIEM) is critical for detecting, analyzing, and mitigating threats. I recently had the opportunity to explore IBM QRadar in-depth, and here’s a quick summary of the highlights from my learning journey:
User Management Made Simple 🔑
Adding a user to QRadar is straightforward:
1️⃣ Navigate to the Admin tab.
2️⃣ Under User Management, click Add.
3️⃣ Enter the username, password, and assign a role (e.g., Admin or WinCollect).
Understanding the QRadar Dashboard 📊
QRadar provides an intuitive interface with powerful features:
1️⃣ Offenses Tab
• Central hub for analyzing offenses triggered by custom detection rules.
• To create a rule, click New Event Rule, define filters, and set severity, credibility, and relevance:
  • Severity: Impact on your environment.
  • Credibility: Trustworthiness of the event data.
  • Relevance: Applicability of the event to your environment.
2️⃣ Log and Network Activity Tabs
• Analyze logs and network flows using protocols like NetFlow.
• View asset details and monitor network activity seamlessly.
3️⃣ Reports
• Automate report generation to simplify incident tracking.
Detection Engineering: Foundation of Threat Hunting 📌
Detection starts with enabling audit policies for Windows/Linux and forwarding logs to QRadar.
• Install and configure syslog and auditd on endpoints to capture critical system changes, such as:
  🔒 Monitoring password or shadow file changes.
  🛡️ Tracking sudo usage or commands executed.
Attack Scenarios and Detection Rules 🛠️
During simulations, I explored various attack techniques:
1️⃣ Windows Defender Real-Time Protection Disabling
• Detected via the rule created to monitor Set-MpPreference commands.
2️⃣ Persistence with Scheduled Tasks
• Command: schtasks /create /tn "Hello World" /tr "MrRobot.cmd" /sc minute /mo 5 /ru SYSTEM
• Mitigated with schtasks /delete /tn "Hello World" /f.
3️⃣ Abusing LOLBins to Delete Shadow Copies
• Detected the command: vssadmin delete shadows /all /quiet.
• Mapped to MITRE ATT&CK technique T1490.
Case Study: Akira Ransomware 🛡️
Akira ransomware highlights the importance of robust SIEM configurations. This ransomware group employs data encryption and exfiltration, threatening public exposure of stolen data. Learn more about their methods: BlackBerry Blog.
💡 Key Takeaways:
• Implement proactive detection rules based on known TTPs (e.g., from MITRE ATT&CK).
• Monitor and alert on suspicious activities using tools like QRadar.
Best Practices
✅ Strengthen access controls.
✅ Enable endpoint detection and response (EDR).
✅ Regularly back up critical data.
🛡️ Cybersecurity is all about staying ahead of the curve!
#CyberSecurity #SIEM #QRadar #ThreatHunting #DetectionEngineering #MITREATTACK #IncidentResponse https://lnkd.in/dDKrdCGS
QRadar labs summary | Notion
ballistic-cemetery-d1e.notion.site
-
CrowdStrike sets a new speed benchmark in closed-book MITRE evaluation.
#1 in Mean Time To Detect
#1 in Detection Coverage
#1 in Managed Detection and Response
#1 in Helping Organizations Stop Breaches
When CrowdStrike wins, our customers win. … and they ultimately sleep better. https://lnkd.in/dqtSMCKv
CrowdStrike | MITRE ATT&CK® Evaluations
crowdstrike.com
-
Simplify security! Discover how automation and secret rotation can streamline developer tasks and enhance your organization's security posture. Don't miss our partners at @HashiCorp's upcoming webinar on securing your technology estate in the age of dynamic applications and distributed teams! Discover how to implement secret rotation, automation, and more to simplify developer tasks and enhance security. Register here https://hubs.ly/Q02wrM200
-
We are thrilled to be an Innovator Sponsor at this year's CrowdStrike #FalCon2024 event. Meet us at booth 6C to learn how we can help you solve your top security challenges, including:
✔️ Realizing the ROI of your security investments
✔️ Addressing the underutilization of security products and platforms
✔️ Overcoming the lack of cross-platform intelligence and reporting dashboards
✔️ Navigating the complexity of managing control audits and mapping them to standardized frameworks
✔️ Managing user and device-related risks across your organization
See our current integration with CrowdStrike - https://lnkd.in/gU_GaWyU
#CISO #DiscernSecurity #CrowdStrike
-
This is an excellent and comprehensive blog that effectively demonstrates how to leverage Sigma, a standardized rule-sharing format, in conjunction with Splunk to detect and mitigate credential dumping attacks, particularly using Mimikatz. The author clearly explains the significance of the lsass.exe process and why it’s such a prime target for attackers seeking to extract sensitive credentials from memory. What stands out is the practical, hands-on approach—setting up the environment with Sysmon and Splunk, capturing Event ID 10, and converting Sigma rules into Splunk queries. This method not only shows how to detect the attack but also highlights how Sigma rules can be adapted across various SIEM platforms, making the blog highly relevant for cybersecurity professionals. The inclusion of the step-by-step Sigma rule creation, false positive management, and conversion via Sigma-cli is invaluable for those looking to implement similar detections in their environments. The blog also underscores the importance of fine-tuning and customization based on an organization's environment, which is key when working with such high-volume logs. Overall, this write-up is a great resource for anyone looking to improve their threat detection capabilities using Sigma and SIEMs. #CyberSecurity #ThreatDetection #SigmaRules #Splunk #Mimikatz #CredentialDumping #SIEM #Sysmon #WindowsSecurity #InfoSec
Leveraging Sigma Rules with Splunk: Detecting Credential Dump
link.medium.com
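An added example, written for this page and not taken from either post, from QRadar, or from the reviewed blog: a small Sigma-style rule matcher in Python run over constructed Sysmon-like events. It covers the Set-MpPreference, schtasks and vssadmin command lines from the QRadar post and the Sysmon Event ID 10 access to lsass.exe from the Sigma/Splunk post, with a filter section for false-positive tuning; the rule set, the technique IDs other than T1490, the field names and the sample events are this example's assumptions.

```python
# Added example (not code from any post above): a minimal Sigma-style matcher over
# constructed Sysmon-like events. Rules, technique mapping and samples are assumptions.

# Sigma-style selection: every key must match (AND); a key may carry a modifier
# (contains, contains|all, endswith); a list of values means "any of" (OR).
RULES = [
    {"title": "Defender real-time protection disabled", "technique": "T1562.001", "severity": 8,
     "selection": {"EventID": 1, "CommandLine|contains|all": ["Set-MpPreference", "DisableRealtimeMonitoring"]}},
    {"title": "Scheduled task created (persistence)", "technique": "T1053.005", "severity": 5,
     "selection": {"EventID": 1, "CommandLine|contains|all": ["schtasks", "/create"]}},
    {"title": "Shadow copies deleted via vssadmin", "technique": "T1490", "severity": 9,
     "selection": {"EventID": 1, "CommandLine|contains|all": ["vssadmin", "delete", "shadows"]}},
    {"title": "LSASS memory access (credential dumping)", "technique": "T1003.001", "severity": 9,
     "selection": {"EventID": 10, "TargetImage|endswith": "\\lsass.exe"},
     # false-positive tuning: system processes that legitimately open lsass
     "filter": {"SourceImage|endswith": ["\\csrss.exe", "\\wininit.exe", "\\MsMpEng.exe"]}},
]

def field_matches(value, modifier, patterns):
    """Case-insensitive comparison of one event field against rule patterns."""
    value, pats = str(value).lower(), [str(p).lower() for p in patterns]
    if modifier == "contains":     return any(p in value for p in pats)
    if modifier == "contains|all": return all(p in value for p in pats)
    if modifier == "endswith":     return any(value.endswith(p) for p in pats)
    return value in pats  # no modifier: exact match (e.g. EventID)
def section_matches(section, event):
    """All keys of a Sigma section must match; a missing field never matches."""
    for key, patterns in section.items():
        field, _, modifier = key.partition("|")
        pats = patterns if isinstance(patterns, list) else [patterns]
        if field not in event or not field_matches(event[field], modifier, pats):
            return False
    return True
def matches(rule, event):
    """Sigma condition 'selection and not filter'."""
    return section_matches(rule["selection"], event) and not (
        "filter" in rule and section_matches(rule["filter"], event))
def detect(events, rules=RULES):
    """One offense per matching (event, rule) pair, highest severity first."""
    hits = [{"event": i, "rule": r["title"], "technique": r["technique"], "severity": r["severity"]}
            for i, e in enumerate(events) for r in rules if matches(r, e)]
    return sorted(hits, key=lambda h: -h["severity"])

# Constructed events: three commands from the QRadar post, a Mimikatz-style lsass access,
# a benign lsass access (tuned out by the filter), and the remediation command (no hit).
EVENTS = [
    {"EventID": 1, "CommandLine": "powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"EventID": 1, "CommandLine": 'schtasks /create /tn "Hello World" /tr "MrRobot.cmd" /sc minute /mo 5 /ru SYSTEM'},
    {"EventID": 1, "CommandLine": "vssadmin delete shadows /all /quiet"},
    {"EventID": 10, "SourceImage": "C:\\Users\\alice\\Downloads\\mimikatz.exe", "TargetImage": "C:\\Windows\\System32\\lsass.exe"},
    {"EventID": 10, "SourceImage": "C:\\Windows\\System32\\csrss.exe", "TargetImage": "C:\\Windows\\System32\\lsass.exe"},
    {"EventID": 1, "CommandLine": 'schtasks /delete /tn "Hello World" /f'},
]
```

Running `detect(EVENTS)` yields four offenses (T1490, T1003.001, T1562.001, T1053.005); the csrss.exe access and the schtasks /delete command produce none.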
SOC Analyst/ Associate consultant at Capgemini technology services India limited
1w
Thanks for sharing