In this post I want to discuss BindPlane architecture, specifically, the on-prem architecture for routing logs to your Google SecOps SIEM. BindPlane, at a high level, is a telemetry pipeline (built on top of the OpenTelemetry framework) that is designed to collect, refine and export logs, metrics and traces from any source to any destination. […]
BindPlane On-Prem Architecture for Google SecOps Read More »
A few days ago I read a some articles about these free online file converter tools that are actually being used for nefarious purposes. The initial warning came from the FBI who are warning these online “tools” are being used to load malware onto victims machines which can lead to ransomware attacks – FBI Denver
Dangerous File Conversion Sites Read More »
Last month I wrote an article about the Ransomware group Black Basta and how they had been leveraging Remote Desktop tools like TeamViewer, AnyDesk and more notably Quick Assist, which is Microsoft’s own Remote Desktop utility. In general it is strongly recommended to block such apps if there is absolutely no business need to have
Quick Assist Detection Read More »
CISA, along with the FBI, Department of Health and Human Services (HSS) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), released an advisory towards the beginning May announcing how the Ransomware group Black Basta have been targeting Critical Infrastructure as of late. They have already impacted over 500 organisations around the globe. You can
Black Basta and Remote Desktop Tools Read More »
This article will explain how to setup data obfuscation in QRadar using regex. There will be times where you may need to mask certain data coming into your SIEM platform for various reasons for your organisation. For example it maybe to mask PII (Personally Identifiable Information) data in order to comply with regulations such as
Data Obfuscation in QRadar Read More »