Table of contents
- SIGMA for the new detection workflow
- The Observables page is getting a makeover
- Export relationships in MITRE ATT&CK format
- We detect offensive security tools
- A continuous improvement of our CTI base
SEKOIA.IO aims to be as close as possible to the users of the platform, meeting their needs precisely while taking into account their approach and user experience. In this dynamic, the platform continues to reinvent itself and evolve by regularly integrating new features while improving existing ones. Discover in this article all the news published in December 2021.
SIGMA for the new detection workflow
Improved detection, choose the SIGMA detection language to facilitate the setup of your custom rules!
SEKOIA.IO’s detection workflow was historically based on the STIX patterning format; today we add SIGMA support to:
- Facilitate the writing of detection rules by automatically generating a rule in SIGMA format when selecting the desired fields in the “Details” tab of an event.
- Simplify the reading, understanding and writing of SIGMA rules, a more common and unified detection language.
- Write detection rules based on the same data model as the events, which remains the ECS.
- Ensure more stability and performance at the detection level.
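To make the SIGMA-over-ECS workflow described above concrete, here is an added example (not SEKOIA.IO code) that builds a minimal SIGMA rule from selected ECS field/value pairs and evaluates it against constructed sample events; the rule shape (`logsource`, `detection.selection`, `condition: selection`) and the `contains`/`startswith`/`endswith` modifiers are standard SIGMA, while the events and the `run_rule` helper are assumptions for illustration.

```python
import json

# Constructed sample events using ECS field naming (illustrative, not platform data).
EVENTS = [
    {"event": {"category": "process"},
     "process": {"executable": "C:\\Windows\\System32\\whoami.exe",
                 "command_line": "whoami.exe /all"},
     "host": {"name": "ws-01"}},
    {"event": {"category": "process"},
     "process": {"executable": "C:\\Windows\\System32\\notepad.exe",
                 "command_line": "notepad.exe report.txt"},
     "host": {"name": "ws-02"}},
]

def ecs_get(event, dotted):
    """Resolve an ECS dotted field name such as 'process.executable' in a nested event."""
    cur = event
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur

def sigma_from_fields(title, selected, product="windows", category="process_creation"):
    """Build a minimal SIGMA rule whose 'selection' holds the chosen ECS field/value pairs."""
    return {"title": title, "status": "experimental",
            "logsource": {"product": product, "category": category},
            "detection": {"selection": dict(selected), "condition": "selection"}}

def _value_matches(modifier, expected, actual):
    """Apply one SIGMA modifier; SIGMA string comparison is case-insensitive."""
    if actual is None:
        return False
    a, e = str(actual).lower(), str(expected).lower()
    if modifier == "contains":   return e in a
    if modifier == "startswith": return a.startswith(e)
    if modifier == "endswith":   return a.endswith(e)
    if modifier == "":           return a == e
    raise ValueError(f"unsupported modifier: {modifier}")

def sigma_matches(rule, event):
    """Evaluate a single 'selection' map: AND across fields, OR across list values."""
    if rule["detection"]["condition"] != "selection":
        raise ValueError("only the condition 'selection' is supported in this example")
    for spec, expected in rule["detection"]["selection"].items():
        field, _, modifier = spec.partition("|")
        actual = ecs_get(event, field)
        choices = expected if isinstance(expected, list) else [expected]
        if not any(_value_matches(modifier, e, actual) for e in choices):
            return False
    return True

def run_rule(rule, events=EVENTS):
    """Return the host names of the sample events the rule fires on (hypothetical helper)."""
    return [ecs_get(ev, "host.name") for ev in events if sigma_matches(rule, ev)]
```

Calling `run_rule(sigma_from_fields("Whoami execution", {"process.executable|endswith": "\\whoami.exe", "process.command_line|contains": ["/all", "/priv"]}))` fires only on `ws-01`; `json.dumps(rule, indent=2)` shows the generated rule body.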
Faster investigation, use the assets created in SEKOIA.IO to enrich the events!
Tags associated with known observables in the Intelligence Center will also be available to provide more information on different attributes for a better understanding of the event.
The Observables page is getting a makeover
Not only a new design, but also more features!
As you already know, observables complete your IoC-based investigation. We’ve linked the two! You can see which threats are related to an observable by viewing its relationships in the “Related Threats” tab.
To make it even easier to use them, you now have the option to:
- Filter observables by type, tag and source.
- Copy information related to observables such as ID or name in a single click.
- View or copy an observable’s JSON more quickly.
- Find threats associated with observables through the “Related Threats” tab to be redirected to the Intelligence page for maximum context.
Export relationships in MITRE ATT&CK format
In addition to CSV and JSON Lines, you can now export relationships in MITRE ATT&CK format. You can select one or more object types, or export them all in the format you prefer.
We detect offensive security tools
A continuous improvement of our CTI base
This playbook is also run automatically on a daily basis to retrieve and integrate into SEKOIA.IO the hash and malware/ransomware configuration of the latest samples published on the Triage sandbox.