How to use the ReversingLabs file enrichment API offer for Microsoft Sentinel
In today’s ever-changing security landscape, it is vital for security operations teams to have access to reliable and complete information about possible threats. File objects, in particular, can hold a lot of valuable information for defenders. However, accessing this information can be difficult without the right tools ...
Give your Microsoft Sentinel incidents some style
Working in a SIEM (Security Information and Event Management) tool all day can be dull. Platform designers often prioritize data to facilitate decision-making, overwhelming SOC analysts with information that hinders their focus. In web design, subtle choices can affect how users interact with a web page. Visual cues help identify the ...
How to Investigate Security Incidents with Threat Intelligence in Microsoft Sentinel
Integrating threat intelligence into a security operations center (SOC) investigation process can be challenging. Teams unfamiliar with incorporating threat intelligence into their systems often employ indicators of compromise as mere checklists. While this is acceptable, a wealth of additional context could prove valuable during the investigation process ...
How to Use Threat Intelligence Indicator Feeds with Microsoft Sentinel
Threat intelligence indicator feeds can be a force multiplier for the SOC team looking to improve their efficiency in detecting specific threat actors. However, many organizations rush into purchasing indicator feeds without understanding how to integrate them into their security operations effectively ...
ReversingLabs Content Pack for Microsoft Sentinel
Microsoft Sentinel is reshaping the SIEM market by simplifying the process of deploying and monitoring cloud and on-premises environments for security issues. However, Microsoft Sentinel gives operators a blank slate, which leaves new users unsure which alerts and content they should install ...
Smart Security Operations: How to Enrich Alerts and Data for SOC Efficiency
[Image: Example showing ReversingLabs TitaniumCloud file enrichment]
Performing triage is one of the most tedious parts of being a SOC analyst. Hopefully it is an alert for which the SOC has an established, well-defined triage procedure, so that it does not turn out to be Yet Another False Positive (TM). If enough data is available, the ...