Did you miss this? 🚨 Snowflake customer database instances are being targeted for data theft and extortion. To help defenders, we released a threat hunting guide with guidance and queries for detecting abnormal and malicious activity across Snowflake customer database instances. Read the guide: https://bit.ly/4cg0Gdw Read the blog post to uncover more findings: https://bit.ly/3xFbxia #Mandiant #Snowflake #ThreatHunting
Mandiant (part of Google Cloud)’s Post
More Relevant Posts
In the aftermath of a cyberattack, swift and effective response is crucial to minimize damage and downtime. The key is restoring systems quickly and safely, often through backups. However, identifying the right recovery point can be challenging. Rubrik’s Threat Hunting feature scans backup snapshots to find indicators of compromise (IOCs), pinpointing the exact time and scope of infection. This precise recovery minimizes data loss and downtime, helping businesses resume normal operations faster. Read More: https://lnkd.in/e8-x_DJK #DOFtechnology #ServiceDriven #DataProtection
Co-founder @ FourCore | Emulate the most imminent threats in minutes | Security Validation | Threat-informed defense
🌟 Glimpses from our workshop at Data Security Council of India #AISS2023. The workshop was titled "Detection Engineering and Adversary Emulation". Swapnil A. focused on why it's important to detect behaviours and how to test detections using adversary emulation, going through the various methods threat actors use to steal credentials from browsers, how to build detections for these methods, and a live threat hunting session using Splunk and FourCore ATTACK! #DetectionEngineering #AdversaryEmulation Hardik Manocha
Hi guys!!! 👋👋👋 Welcome back to our weekly meeting on Data Analytics for Cybersecurity 📊 📈 📉. Today I want to share with you an interesting article which is a sort of guide for threat hunting and detection using web proxy logs. Web proxies generate a common set of information that can be used for threat hunting and detection. We can use such information to build a Machine Learning model that can find threats by analyzing logs. ⚠️ The author explains how this information can be used for our task and describes the technique and what to look for, for each feature, like Duration, Bytes In, Bytes Out, URL Category, URL Hostname, URL Path, URL Query, File Name. Obviously these are only some of the possible features that we can analyze, as feature extraction is a continuous process, but they give an idea of the approach to use to extract useful information and then build our ML model. Threats and anomalies may always hide in our data every day, so don't forget: trusting is good, not trusting is better!! 📌 Hope it could be interesting and useful for your use cases!!! ✌️✌️✌️ https://lnkd.in/ewpNcXV3
Start now with Attack Detective to validate your detection stack in less than 300 seconds with an automatic read-only ATT&CK data audit to find blind spots in your log source coverage. https://lnkd.in/duWUn_d6 #threathunting #threatdetection #infosec
set query_datetimescope_to = datetime(2024-04-30 18:22:00); SecurityEvent | where thanks goes to Blu Raven | summarize experience() Security investigations, threat hunting and detection engineering can't be done without a bit of typing! This was a great introduction to the power of KQL which is used in platforms like Sentinel and Microsoft Defender. Link in the comments if you'd like to try when new seats become available. 🔎 🔐 #KQL #security #analysis #siem #sentinel #defender
Rely on Attack Detective to automatically scan your environment with custom parameters and datasets to determine the potential attack surface. Quickly filter the results and verify them in your Data Plane to remediate the threat in the least time possible. https://lnkd.in/duWUn_d6
Using Darktrace for Threat Hunting. From data collection to threat identification, response, and documentation, Darktrace technology can be used throughout the entire threat-hunting lifecycle. https://lnkd.in/d6ej6u-b #MCS #mcsholding #threathunting #datacollection
Start now with Attack Detective to validate your detection stack in less than 300 seconds with an automatic read-only ATT&CK data audit to find blind spots in your log source coverage. https://lnkd.in/duWUn_d6
💰 The average total cost of a breach is $4.45 million USD. Stop big game hunting adversaries from pursuing data theft with a modern approach to securing your enterprise data. Learn how in this upcoming CrowdStrike CrowdCast. https://lnkd.in/eFCdQDHe
💰 The average total cost of a breach is $4.45 million USD. Stop big game hunting adversaries from pursuing data theft with a modern approach to securing your enterprise data. Learn how in this upcoming CrowdStrike CrowdCast. https://lnkd.in/gYaPbqtd