I'm currently finalising a Security Operations app that centralises triage for security alerts (North / https://north.sh) into an intuitive interface that better helps Security Operations teams, MSSPs & SOCs.
It tries to deal with alert fatigue via some nice de-duplication techniques (via customisable aggregation and correlation rules), manages and runs detection rules against different logging platforms (Elastic, Splunk and ALA/Azure) with Validation and Simulation testing, and will lower the time that it takes to determine malicious activity by presenting as much relevant information per security alert as possible.
Hopefully to launch sometime before end-of-year. If you're interested, I'm always free to talk via alex@sinn.io, or sign up to the newsletter.
Hey Team, the SigmaHQ team and I have been working over the last 11 months & we're finally happy to release a brand new documentation suite and website to try and bring more Security & Detection engineers to adopt Sigma and enjoy the benefits around the ecosystem.
Please let us know what you think & feel free to ask any questions!
Any plans to add more backends to pySigma or to have parity with sigmac? How about support to covnert to sigma instead of just from? It would be a great way to share intel.
I see random github repos with sigma rules popup, it would be nice if you guys came up with a community repo anyone can dump into without going through your PR process (think Alienvault OTX but for Sigma).
It's also not clear on Nextron system's website if they offer paid/private/supported rules to compete with the likes of socprime.
Australia based community-focused platform SaaS to deal with sports teams, communities and societies. Looking for a co-founder in business/marketing or PHP/Vue development - Email hn@platformapp.io for more info.
It tries to deal with alert fatigue via some nice de-duplication techniques (via customisable aggregation and correlation rules), manages and runs detection rules against different logging platforms (Elastic, Splunk and ALA/Azure) with Validation and Simulation testing, and will lower the time that it takes to determine malicious activity by presenting as much relevant information per security alert as possible.
Hopefully to launch sometime before end-of-year. If you're interested, I'm always free to talk via alex@sinn.io, or sign up to the newsletter.
https://north.sh/
reply