Lead Image © Kurhan, 123RF.com
Incident Analysis with The Hive and Cortex
Searching for Clues
The number of IT security incidents in the enterprise is constantly increasing, and the security of the internal infrastructure is a permanent challenge for many companies, whether the company's Security Operation Center (SOC) maintains its own team for incident analysis – a Computer Emergency Response Team (CERT) or Computer Security Incidence Response Team (CSIRT) – or initially handles monitoring and incident response as a task itself.
In addition to already fairly extensive tasks (e.g., keeping a constant eye on the infrastructure, detecting attacks at an early stage, and containing the damage attackers potentially could cause), SOCs also have other responsibilities. Incident management, authoring and monitoring situation reports, and information protection with classic risk management and business continuity are all relevant to risk prevention. As an analyst, then, you are dependent on established reporting tools and techniques for the continuous analysis of data to conduct root cause research reliably and respond to the threat in the event of damage.
Threat intelligence analysis uses a variety of tools to help gather information and share insights. Various tools let you process security incidents. In addition to GRR Rapid Response [1] or MISP [2], the list of free incident response platforms includes The Hive [3], which is being further developed by analysts from SOCs and CERTs and already offers a successful environment for automation-capable analysis of large and small volumes of data with its basic feature set – above all, thanks to its flexible extensibility. To connect to other platforms and engage in an exchange with other analysts, the developers rely on MISP, an established sharing platform.
Cortex [4] is another
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Diving into infrastructure security
How to deal with threat intelligence on the corporate network when the existing security tools are not effective. -
Detecting security threats with Apache Spot
Security vulnerabilities often remain unknown when the data they reveal is buried in the depths of logfiles. Apache Spot uses big data and machine learning technologies to sniff out known and unknown IT security threats. -
Four solutions for Prometheus long-term storage
If you use Prometheus as a time series database, you will know that the more data it stores, the slower it becomes. Thanos, Cortex, Mimir, and M3DB set out to solve this problem in totally different ways. We reveal the candidates' strengths and weaknesses. - DARPA Dives into Graph Analytics
- Sysdig Launches Open Source Stratoshark for Cloud Observability