SlideShare a Scribd company logo

Kaspersky Threat Intelligence Portal and DNIF Use Cases

Download as PPTX, PDF
DNIF
DNIF

DNIF is a next gen SIEM platform with advanced security and automation capabilities, that let's machines do what they do best and allows security analysts to do activities that can actually change the game. In this presentation, we talk about how DNIF users can build a use case on "Detecting Malicious IP Addresses" with the help of Kaspersky Threat Intelligence Portal.

Technology
1 of 18
© Copyright 2018 NETMONASTERY Inc Kaspersky Threat Intelligence Portal and DNIF Use-Cases 1 NETMONASTERY Inc.
© Copyright 2018 NETMONASTERY Inc 1. The first use case is one in which we run a lookup through Kaspersky based on the log information gathered by DNIF. We will be specifically looking at a scenario where Kaspersky lookup returns a safe IP report and DNIF appending that information to a list of whitelisted IPs. 2. The second use case is similar to the first but in this scenario we will explain how you could raise a module/ticket and send an alert email to all concerned personnel when Kaspersky Lookup returns a Malicious IP report Using Kaspersky with DNIF to Whitelist Safe IPs and Detect and Respond to Malicious IPs
© Copyright 2018 NETMONASTERY Inc 3 Use case 1 Detecting New Safe IPs and having them whitelisted
© Copyright 2018 NETMONASTERY Inc _fetch * from event where $LogName=APACHE2 AND $Duration=1h AND $LogType=WEBSERVER group count_unique $SrcIP, $UserAgent, $SrcCN limit 100 >>_checkif lookup safe_ips join $SrcIP = $SrcIP str_compare $SrcIP eq $SrcIP exclude >>_lookup kaspersky get_ip_report $SrcIP >>_checkif str_compare $KLZone eq 'Green' include >>_store in_disk safe_ips stack_append DNIF Query
© Copyright 2018 NETMONASTERY Inc
© Copyright 2018 NETMONASTERY Inc
© Copyright 2018 NETMONASTERY Inc
© Copyright 2018 NETMONASTERY Inc
© Copyright 2018 NETMONASTERY Inc
© Copyright 2018 NETMONASTERY Inc 10 Use case 2 Detecting Malicious IP and taking responsive measures
© Copyright 2018 NETMONASTERY Inc _fetch * from event where $LogName=APACHE2 AND $Duration=1h AND $LogType=WEBSERVER group count_unique $SrcIP, $UserAgent, $SrcCN limit 100 >>_checkif lookup safe_ips join $SrcIP = $SrcIP str_compare $SrcIP eq $SrcIP exclude >>_lookup kaspersky get_ip_report $SrcIP >>_checkif str_compare $KLZone eq 'Red' include >>_raise module apache_webserver_base malicious_ip_detected $SrcIP 3 12h >>_trigger template_group apache_webserver_base malicious_ip_detected_temp notify_group groupname DNIF Query
© Copyright 2018 NETMONASTERY Inc
© Copyright 2018 NETMONASTERY Inc
© Copyright 2018 NETMONASTERY Inc
© Copyright 2018 NETMONASTERY Inc
© Copyright 2018 NETMONASTERY Inc
© Copyright 2018 NETMONASTERY Inc
© Copyright 2018 NETMONASTERY Inc Thank You 18

Recommended

Modern Exploitation: Owning All of the Things
Modern Exploitation: Owning All of the ThingsModern Exploitation: Owning All of the Things
Modern Exploitation: Owning All of the ThingsPriyanka Aash
 
CVE Analysis using vFeed
CVE Analysis using vFeedCVE Analysis using vFeed
CVE Analysis using vFeedDNIF
 
VirusTotal Threat Intelligence and DNIF Use Cases
VirusTotal Threat Intelligence and DNIF Use CasesVirusTotal Threat Intelligence and DNIF Use Cases
VirusTotal Threat Intelligence and DNIF Use CasesDNIF
 
Drupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the AttackerDrupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the AttackerDefCamp
 
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech Talks
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech TalksAmazon GuardDuty - Let's Attack My Account! - AWS Online Tech Talks
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech TalksAmazon Web Services
 
BSidesLV 2016: Don't Repeat Yourself - Automating Malware Incident Response f...
BSidesLV 2016: Don't Repeat Yourself - Automating Malware Incident Response f...BSidesLV 2016: Don't Repeat Yourself - Automating Malware Incident Response f...
BSidesLV 2016: Don't Repeat Yourself - Automating Malware Incident Response f...Jakub "Kuba" Sendor
 
AWS Security Week: Lacework - Automating Cloud Security at Scale
AWS Security Week: Lacework - Automating Cloud Security at ScaleAWS Security Week: Lacework - Automating Cloud Security at Scale
AWS Security Week: Lacework - Automating Cloud Security at ScaleAmazon Web Services
 
Having Honeypot for Better Network Security Analysis
Having Honeypot for Better Network Security AnalysisHaving Honeypot for Better Network Security Analysis
Having Honeypot for Better Network Security AnalysisBangladesh Network Operators Group
 

Recommended

Modern Exploitation: Owning All of the Things
Modern Exploitation: Owning All of the ThingsModern Exploitation: Owning All of the Things
Modern Exploitation: Owning All of the ThingsPriyanka Aash
 
CVE Analysis using vFeed
CVE Analysis using vFeedCVE Analysis using vFeed
CVE Analysis using vFeedDNIF
 
VirusTotal Threat Intelligence and DNIF Use Cases
VirusTotal Threat Intelligence and DNIF Use CasesVirusTotal Threat Intelligence and DNIF Use Cases
VirusTotal Threat Intelligence and DNIF Use CasesDNIF
 
Drupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the AttackerDrupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the AttackerDefCamp
 
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech Talks
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech TalksAmazon GuardDuty - Let's Attack My Account! - AWS Online Tech Talks
Amazon GuardDuty - Let's Attack My Account! - AWS Online Tech TalksAmazon Web Services
 
BSidesLV 2016: Don't Repeat Yourself - Automating Malware Incident Response f...
BSidesLV 2016: Don't Repeat Yourself - Automating Malware Incident Response f...BSidesLV 2016: Don't Repeat Yourself - Automating Malware Incident Response f...
BSidesLV 2016: Don't Repeat Yourself - Automating Malware Incident Response f...Jakub "Kuba" Sendor
 
AWS Security Week: Lacework - Automating Cloud Security at Scale
AWS Security Week: Lacework - Automating Cloud Security at ScaleAWS Security Week: Lacework - Automating Cloud Security at Scale
AWS Security Week: Lacework - Automating Cloud Security at ScaleAmazon Web Services
 
Having Honeypot for Better Network Security Analysis
Having Honeypot for Better Network Security AnalysisHaving Honeypot for Better Network Security Analysis
Having Honeypot for Better Network Security AnalysisBangladesh Network Operators Group
 
INTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICSINTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICSSylvain Martinez
 
Accelerating distributed joins in Apache Hive: Runtime filtering enhancements
Accelerating distributed joins in Apache Hive: Runtime filtering enhancementsAccelerating distributed joins in Apache Hive: Runtime filtering enhancements
Accelerating distributed joins in Apache Hive: Runtime filtering enhancementsStamatis Zampetakis
 
Supercharge GuardDuty with Partners: Threat Detection and Response at Scale (...
Supercharge GuardDuty with Partners: Threat Detection and Response at Scale (...Supercharge GuardDuty with Partners: Threat Detection and Response at Scale (...
Supercharge GuardDuty with Partners: Threat Detection and Response at Scale (...Amazon Web Services
 
PDMLP: PHISHING DETECTION USING MULTILAYER PERCEPTRON
PDMLP: PHISHING DETECTION USING MULTILAYER PERCEPTRONPDMLP: PHISHING DETECTION USING MULTILAYER PERCEPTRON
PDMLP: PHISHING DETECTION USING MULTILAYER PERCEPTRONIJNSA Journal
 
Analyzing the effectualness of Phishing Algorithms in Web Applications Inques...
Analyzing the effectualness of Phishing Algorithms in Web Applications Inques...Analyzing the effectualness of Phishing Algorithms in Web Applications Inques...
Analyzing the effectualness of Phishing Algorithms in Web Applications Inques...Editor IJMTER
 
BlueHat v18 || Dep for the app layer - time for app sec to grow up
BlueHat v18 || Dep for the app layer - time for app sec to grow upBlueHat v18 || Dep for the app layer - time for app sec to grow up
BlueHat v18 || Dep for the app layer - time for app sec to grow upBlueHat Security Conference
 
Gatekeeper Exposed
Gatekeeper ExposedGatekeeper Exposed
Gatekeeper ExposedSynack
 
Scrapping for Pennies: How to implement security without a budget
Scrapping for Pennies: How to implement security without a budgetScrapping for Pennies: How to implement security without a budget
Scrapping for Pennies: How to implement security without a budgetRyan Wisniewski
 
The Ultimate Guide to Docker & Kubernetes Forensics and Incident Response.pdf
The Ultimate Guide to Docker & Kubernetes Forensics and Incident Response.pdfThe Ultimate Guide to Docker & Kubernetes Forensics and Incident Response.pdf
The Ultimate Guide to Docker & Kubernetes Forensics and Incident Response.pdfChristopher Doman
 
[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...
[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...
[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...CODE BLUE
 
AWS Chicago May 22 Security event - Redlock CSI report
AWS Chicago May 22 Security event - Redlock CSI reportAWS Chicago May 22 Security event - Redlock CSI report
AWS Chicago May 22 Security event - Redlock CSI reportAWS Chicago
 
Variables Creation using SAS on Longitudinal Data for Fraud Models
Variables Creation using SAS on Longitudinal Data for Fraud ModelsVariables Creation using SAS on Longitudinal Data for Fraud Models
Variables Creation using SAS on Longitudinal Data for Fraud ModelsKaitlyn Hu
 
Lacework AWS Security Week Presentation
Lacework AWS Security Week PresentationLacework AWS Security Week Presentation
Lacework AWS Security Week PresentationLacework
 
Best Practices for Scalable Monitoring (ENT310-S) - AWS re:Invent 2018
Best Practices for Scalable Monitoring (ENT310-S) - AWS re:Invent 2018Best Practices for Scalable Monitoring (ENT310-S) - AWS re:Invent 2018
Best Practices for Scalable Monitoring (ENT310-S) - AWS re:Invent 2018Amazon Web Services
 
DEM07 Best Practices for Monitoring Amazon ECS Containers Launched with Fargate
DEM07 Best Practices for Monitoring Amazon ECS Containers Launched with FargateDEM07 Best Practices for Monitoring Amazon ECS Containers Launched with Fargate
DEM07 Best Practices for Monitoring Amazon ECS Containers Launched with FargateAmazon Web Services
 
Sean White- Kansas City
Sean White- Kansas CitySean White- Kansas City
Sean White- Kansas CitySplunk
 
Under-reported Security Defects in Kubernetes Manifests
Under-reported Security Defects in Kubernetes ManifestsUnder-reported Security Defects in Kubernetes Manifests
Under-reported Security Defects in Kubernetes ManifestsAkond Rahman
 
SplunkLive! Atlanta Mar 2013 - University of Alabama at Birmingham
SplunkLive! Atlanta Mar 2013 - University of Alabama at BirminghamSplunkLive! Atlanta Mar 2013 - University of Alabama at Birmingham
SplunkLive! Atlanta Mar 2013 - University of Alabama at BirminghamSplunk
 
Decoding the Art of Red Teaming - OWASP Seasides
Decoding the Art of Red Teaming - OWASP SeasidesDecoding the Art of Red Teaming - OWASP Seasides
Decoding the Art of Red Teaming - OWASP SeasidesOWASPSeasides
 
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsBeyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsSBWebinars
 
Beyond blacklists - A cyber threat intelligence perspective
Beyond blacklists - A cyber threat intelligence perspectiveBeyond blacklists - A cyber threat intelligence perspective
Beyond blacklists - A cyber threat intelligence perspectiveDNIF
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOARDNIF
 

More Related Content

Similar to Kaspersky Threat Intelligence Portal and DNIF Use Cases

INTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICSINTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICSSylvain Martinez
 
Accelerating distributed joins in Apache Hive: Runtime filtering enhancements
Accelerating distributed joins in Apache Hive: Runtime filtering enhancementsAccelerating distributed joins in Apache Hive: Runtime filtering enhancements
Accelerating distributed joins in Apache Hive: Runtime filtering enhancementsStamatis Zampetakis
 
Supercharge GuardDuty with Partners: Threat Detection and Response at Scale (...
Supercharge GuardDuty with Partners: Threat Detection and Response at Scale (...Supercharge GuardDuty with Partners: Threat Detection and Response at Scale (...
Supercharge GuardDuty with Partners: Threat Detection and Response at Scale (...Amazon Web Services
 
PDMLP: PHISHING DETECTION USING MULTILAYER PERCEPTRON
PDMLP: PHISHING DETECTION USING MULTILAYER PERCEPTRONPDMLP: PHISHING DETECTION USING MULTILAYER PERCEPTRON
PDMLP: PHISHING DETECTION USING MULTILAYER PERCEPTRONIJNSA Journal
 
Analyzing the effectualness of Phishing Algorithms in Web Applications Inques...
Analyzing the effectualness of Phishing Algorithms in Web Applications Inques...Analyzing the effectualness of Phishing Algorithms in Web Applications Inques...
Analyzing the effectualness of Phishing Algorithms in Web Applications Inques...Editor IJMTER
 
BlueHat v18 || Dep for the app layer - time for app sec to grow up
BlueHat v18 || Dep for the app layer - time for app sec to grow upBlueHat v18 || Dep for the app layer - time for app sec to grow up
BlueHat v18 || Dep for the app layer - time for app sec to grow upBlueHat Security Conference
 
Gatekeeper Exposed
Gatekeeper ExposedGatekeeper Exposed
Gatekeeper ExposedSynack
 
Scrapping for Pennies: How to implement security without a budget
Scrapping for Pennies: How to implement security without a budgetScrapping for Pennies: How to implement security without a budget
Scrapping for Pennies: How to implement security without a budgetRyan Wisniewski
 
The Ultimate Guide to Docker & Kubernetes Forensics and Incident Response.pdf
The Ultimate Guide to Docker & Kubernetes Forensics and Incident Response.pdfThe Ultimate Guide to Docker & Kubernetes Forensics and Incident Response.pdf
The Ultimate Guide to Docker & Kubernetes Forensics and Incident Response.pdfChristopher Doman
 
[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...
[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...
[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...CODE BLUE
 
AWS Chicago May 22 Security event - Redlock CSI report
AWS Chicago May 22 Security event - Redlock CSI reportAWS Chicago May 22 Security event - Redlock CSI report
AWS Chicago May 22 Security event - Redlock CSI reportAWS Chicago
 
Variables Creation using SAS on Longitudinal Data for Fraud Models
Variables Creation using SAS on Longitudinal Data for Fraud ModelsVariables Creation using SAS on Longitudinal Data for Fraud Models
Variables Creation using SAS on Longitudinal Data for Fraud ModelsKaitlyn Hu
 
Lacework AWS Security Week Presentation
Lacework AWS Security Week PresentationLacework AWS Security Week Presentation
Lacework AWS Security Week PresentationLacework
 
Best Practices for Scalable Monitoring (ENT310-S) - AWS re:Invent 2018
Best Practices for Scalable Monitoring (ENT310-S) - AWS re:Invent 2018Best Practices for Scalable Monitoring (ENT310-S) - AWS re:Invent 2018
Best Practices for Scalable Monitoring (ENT310-S) - AWS re:Invent 2018Amazon Web Services
 
DEM07 Best Practices for Monitoring Amazon ECS Containers Launched with Fargate
DEM07 Best Practices for Monitoring Amazon ECS Containers Launched with FargateDEM07 Best Practices for Monitoring Amazon ECS Containers Launched with Fargate
DEM07 Best Practices for Monitoring Amazon ECS Containers Launched with FargateAmazon Web Services
 
Sean White- Kansas City
Sean White- Kansas CitySean White- Kansas City
Sean White- Kansas CitySplunk
 
Under-reported Security Defects in Kubernetes Manifests
Under-reported Security Defects in Kubernetes ManifestsUnder-reported Security Defects in Kubernetes Manifests
Under-reported Security Defects in Kubernetes ManifestsAkond Rahman
 
SplunkLive! Atlanta Mar 2013 - University of Alabama at Birmingham
SplunkLive! Atlanta Mar 2013 - University of Alabama at BirminghamSplunkLive! Atlanta Mar 2013 - University of Alabama at Birmingham
SplunkLive! Atlanta Mar 2013 - University of Alabama at BirminghamSplunk
 
Decoding the Art of Red Teaming - OWASP Seasides
Decoding the Art of Red Teaming - OWASP SeasidesDecoding the Art of Red Teaming - OWASP Seasides
Decoding the Art of Red Teaming - OWASP SeasidesOWASPSeasides
 
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsBeyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsSBWebinars
 

Similar to Kaspersky Threat Intelligence Portal and DNIF Use Cases (20)

INTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICSINTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICS
 
Accelerating distributed joins in Apache Hive: Runtime filtering enhancements
Accelerating distributed joins in Apache Hive: Runtime filtering enhancementsAccelerating distributed joins in Apache Hive: Runtime filtering enhancements
Accelerating distributed joins in Apache Hive: Runtime filtering enhancements
 
Supercharge GuardDuty with Partners: Threat Detection and Response at Scale (...
Supercharge GuardDuty with Partners: Threat Detection and Response at Scale (...Supercharge GuardDuty with Partners: Threat Detection and Response at Scale (...
Supercharge GuardDuty with Partners: Threat Detection and Response at Scale (...
 
PDMLP: PHISHING DETECTION USING MULTILAYER PERCEPTRON
PDMLP: PHISHING DETECTION USING MULTILAYER PERCEPTRONPDMLP: PHISHING DETECTION USING MULTILAYER PERCEPTRON
PDMLP: PHISHING DETECTION USING MULTILAYER PERCEPTRON
 
Analyzing the effectualness of Phishing Algorithms in Web Applications Inques...
Analyzing the effectualness of Phishing Algorithms in Web Applications Inques...Analyzing the effectualness of Phishing Algorithms in Web Applications Inques...
Analyzing the effectualness of Phishing Algorithms in Web Applications Inques...
 
BlueHat v18 || Dep for the app layer - time for app sec to grow up
BlueHat v18 || Dep for the app layer - time for app sec to grow upBlueHat v18 || Dep for the app layer - time for app sec to grow up
BlueHat v18 || Dep for the app layer - time for app sec to grow up
 
Gatekeeper Exposed
Gatekeeper ExposedGatekeeper Exposed
Gatekeeper Exposed
 
Scrapping for Pennies: How to implement security without a budget
Scrapping for Pennies: How to implement security without a budgetScrapping for Pennies: How to implement security without a budget
Scrapping for Pennies: How to implement security without a budget
 
The Ultimate Guide to Docker & Kubernetes Forensics and Incident Response.pdf
The Ultimate Guide to Docker & Kubernetes Forensics and Incident Response.pdfThe Ultimate Guide to Docker & Kubernetes Forensics and Incident Response.pdf
The Ultimate Guide to Docker & Kubernetes Forensics and Incident Response.pdf
 
[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...
[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...
[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...
 
AWS Chicago May 22 Security event - Redlock CSI report
AWS Chicago May 22 Security event - Redlock CSI reportAWS Chicago May 22 Security event - Redlock CSI report
AWS Chicago May 22 Security event - Redlock CSI report
 
Variables Creation using SAS on Longitudinal Data for Fraud Models
Variables Creation using SAS on Longitudinal Data for Fraud ModelsVariables Creation using SAS on Longitudinal Data for Fraud Models
Variables Creation using SAS on Longitudinal Data for Fraud Models
 
Lacework AWS Security Week Presentation
Lacework AWS Security Week PresentationLacework AWS Security Week Presentation
Lacework AWS Security Week Presentation
 
Best Practices for Scalable Monitoring (ENT310-S) - AWS re:Invent 2018
Best Practices for Scalable Monitoring (ENT310-S) - AWS re:Invent 2018Best Practices for Scalable Monitoring (ENT310-S) - AWS re:Invent 2018
Best Practices for Scalable Monitoring (ENT310-S) - AWS re:Invent 2018
 
DEM07 Best Practices for Monitoring Amazon ECS Containers Launched with Fargate
DEM07 Best Practices for Monitoring Amazon ECS Containers Launched with FargateDEM07 Best Practices for Monitoring Amazon ECS Containers Launched with Fargate
DEM07 Best Practices for Monitoring Amazon ECS Containers Launched with Fargate
 
Sean White- Kansas City
Sean White- Kansas CitySean White- Kansas City
Sean White- Kansas City
 
Under-reported Security Defects in Kubernetes Manifests
Under-reported Security Defects in Kubernetes ManifestsUnder-reported Security Defects in Kubernetes Manifests
Under-reported Security Defects in Kubernetes Manifests
 
SplunkLive! Atlanta Mar 2013 - University of Alabama at Birmingham
SplunkLive! Atlanta Mar 2013 - University of Alabama at BirminghamSplunkLive! Atlanta Mar 2013 - University of Alabama at Birmingham
SplunkLive! Atlanta Mar 2013 - University of Alabama at Birmingham
 
Decoding the Art of Red Teaming - OWASP Seasides
Decoding the Art of Red Teaming - OWASP SeasidesDecoding the Art of Red Teaming - OWASP Seasides
Decoding the Art of Red Teaming - OWASP Seasides
 
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsBeyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
 

More from DNIF

Beyond blacklists - A cyber threat intelligence perspective
Beyond blacklists - A cyber threat intelligence perspectiveBeyond blacklists - A cyber threat intelligence perspective
Beyond blacklists - A cyber threat intelligence perspectiveDNIF
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOARDNIF
 
A closer look at CTF challenges
A closer look at CTF challengesA closer look at CTF challenges
A closer look at CTF challengesDNIF
 
Threat Intelligence and Cyber Security Challenges | KASPERSKY & DNIF INTEGRATION
Threat Intelligence and Cyber Security Challenges | KASPERSKY & DNIF INTEGRATIONThreat Intelligence and Cyber Security Challenges | KASPERSKY & DNIF INTEGRATION
Threat Intelligence and Cyber Security Challenges | KASPERSKY & DNIF INTEGRATIONDNIF
 
Container Security Essentials
Container Security EssentialsContainer Security Essentials
Container Security EssentialsDNIF
 
Importance of having a vulnerability management | Vfeed
Importance of having a vulnerability management | Vfeed Importance of having a vulnerability management | Vfeed
Importance of having a vulnerability management | Vfeed DNIF
 
Anatomy of Persistence Techniques & Strategies to Detect
Anatomy of Persistence Techniques & Strategies to DetectAnatomy of Persistence Techniques & Strategies to Detect
Anatomy of Persistence Techniques & Strategies to DetectDNIF
 
User Behavior Analytics Using Machine Learning
User Behavior Analytics Using Machine LearningUser Behavior Analytics Using Machine Learning
User Behavior Analytics Using Machine LearningDNIF
 
Process Whitelisting With VirusTotal
Process Whitelisting With VirusTotalProcess Whitelisting With VirusTotal
Process Whitelisting With VirusTotalDNIF
 
Threat hunting and achieving security maturity
Threat hunting and achieving security maturityThreat hunting and achieving security maturity
Threat hunting and achieving security maturityDNIF
 
Data Analytics in Cyber Security
Data Analytics in Cyber SecurityData Analytics in Cyber Security
Data Analytics in Cyber SecurityDNIF
 
Mastering Next Gen SIEM Use Cases (Part 3)
Mastering Next Gen SIEM Use Cases (Part 3)Mastering Next Gen SIEM Use Cases (Part 3)
Mastering Next Gen SIEM Use Cases (Part 3)DNIF
 
Mastering Next Gen SIEM Use Cases (Part 2)
Mastering Next Gen SIEM Use Cases (Part 2)Mastering Next Gen SIEM Use Cases (Part 2)
Mastering Next Gen SIEM Use Cases (Part 2)DNIF
 
Mastering Next Gen SIEM Use Cases (Part 1)
Mastering Next Gen SIEM Use Cases (Part 1)Mastering Next Gen SIEM Use Cases (Part 1)
Mastering Next Gen SIEM Use Cases (Part 1)DNIF
 

More from DNIF (14)

Beyond blacklists - A cyber threat intelligence perspective
Beyond blacklists - A cyber threat intelligence perspectiveBeyond blacklists - A cyber threat intelligence perspective
Beyond blacklists - A cyber threat intelligence perspective
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOAR
 
A closer look at CTF challenges
A closer look at CTF challengesA closer look at CTF challenges
A closer look at CTF challenges
 
Threat Intelligence and Cyber Security Challenges | KASPERSKY & DNIF INTEGRATION
Threat Intelligence and Cyber Security Challenges | KASPERSKY & DNIF INTEGRATIONThreat Intelligence and Cyber Security Challenges | KASPERSKY & DNIF INTEGRATION
Threat Intelligence and Cyber Security Challenges | KASPERSKY & DNIF INTEGRATION
 
Container Security Essentials
Container Security EssentialsContainer Security Essentials
Container Security Essentials
 
Importance of having a vulnerability management | Vfeed
Importance of having a vulnerability management | Vfeed Importance of having a vulnerability management | Vfeed
Importance of having a vulnerability management | Vfeed
 
Anatomy of Persistence Techniques & Strategies to Detect
Anatomy of Persistence Techniques & Strategies to DetectAnatomy of Persistence Techniques & Strategies to Detect
Anatomy of Persistence Techniques & Strategies to Detect
 
User Behavior Analytics Using Machine Learning
User Behavior Analytics Using Machine LearningUser Behavior Analytics Using Machine Learning
User Behavior Analytics Using Machine Learning
 
Process Whitelisting With VirusTotal
Process Whitelisting With VirusTotalProcess Whitelisting With VirusTotal
Process Whitelisting With VirusTotal
 
Threat hunting and achieving security maturity
Threat hunting and achieving security maturityThreat hunting and achieving security maturity
Threat hunting and achieving security maturity
 
Data Analytics in Cyber Security
Data Analytics in Cyber SecurityData Analytics in Cyber Security
Data Analytics in Cyber Security
 
Mastering Next Gen SIEM Use Cases (Part 3)
Mastering Next Gen SIEM Use Cases (Part 3)Mastering Next Gen SIEM Use Cases (Part 3)
Mastering Next Gen SIEM Use Cases (Part 3)
 
Mastering Next Gen SIEM Use Cases (Part 2)
Mastering Next Gen SIEM Use Cases (Part 2)Mastering Next Gen SIEM Use Cases (Part 2)
Mastering Next Gen SIEM Use Cases (Part 2)
 
Mastering Next Gen SIEM Use Cases (Part 1)
Mastering Next Gen SIEM Use Cases (Part 1)Mastering Next Gen SIEM Use Cases (Part 1)
Mastering Next Gen SIEM Use Cases (Part 1)
 

Recently uploaded

Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀DianaGray10
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Thierry Lestable
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsPaul Groth
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxDavid Michel
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...Product School
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2DianaGray10
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxAbida Shariff
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Product School
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...Sri Ambati
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutesconfluent
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlPeter Udo Diehl
 
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»QADay
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
 

Recently uploaded (20)

Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 

Kaspersky Threat Intelligence Portal and DNIF Use Cases

  • 1. © Copyright 2018 NETMONASTERY Inc Kaspersky Threat Intelligence Portal and DNIF Use-Cases 1 NETMONASTERY Inc.
  • 2. © Copyright 2018 NETMONASTERY Inc 1. The first use case is one in which we run a lookup through Kaspersky based on the log information gathered by DNIF. We will be specifically looking at a scenario where Kaspersky lookup returns a safe IP report and DNIF appending that information to a list of whitelisted IPs. 2. The second use case is similar to the first but in this scenario we will explain how you could raise a module/ticket and send an alert email to all concerned personnel when Kaspersky Lookup returns a Malicious IP report Using Kaspersky with DNIF to Whitelist Safe IPs and Detect and Respond to Malicious IPs
  • 3. © Copyright 2018 NETMONASTERY Inc 3 Use case 1 Detecting New Safe IPs and having them whitelisted
  • 4. © Copyright 2018 NETMONASTERY Inc _fetch * from event where $LogName=APACHE2 AND $Duration=1h AND $LogType=WEBSERVER group count_unique $SrcIP, $UserAgent, $SrcCN limit 100 >>_checkif lookup safe_ips join $SrcIP = $SrcIP str_compare $SrcIP eq $SrcIP exclude >>_lookup kaspersky get_ip_report $SrcIP >>_checkif str_compare $KLZone eq 'Green' include >>_store in_disk safe_ips stack_append DNIF Query
  • 5. © Copyright 2018 NETMONASTERY Inc
  • 6. © Copyright 2018 NETMONASTERY Inc
  • 7. © Copyright 2018 NETMONASTERY Inc
  • 8. © Copyright 2018 NETMONASTERY Inc
  • 9. © Copyright 2018 NETMONASTERY Inc
  • 10. © Copyright 2018 NETMONASTERY Inc 10 Use case 2 Detecting Malicious IP and taking responsive measures
  • 11. © Copyright 2018 NETMONASTERY Inc _fetch * from event where $LogName=APACHE2 AND $Duration=1h AND $LogType=WEBSERVER group count_unique $SrcIP, $UserAgent, $SrcCN limit 100 >>_checkif lookup safe_ips join $SrcIP = $SrcIP str_compare $SrcIP eq $SrcIP exclude >>_lookup kaspersky get_ip_report $SrcIP >>_checkif str_compare $KLZone eq 'Red' include >>_raise module apache_webserver_base malicious_ip_detected $SrcIP 3 12h >>_trigger template_group apache_webserver_base malicious_ip_detected_temp notify_group groupname DNIF Query
  • 12. © Copyright 2018 NETMONASTERY Inc
  • 13. © Copyright 2018 NETMONASTERY Inc
  • 14. © Copyright 2018 NETMONASTERY Inc
  • 15. © Copyright 2018 NETMONASTERY Inc
  • 16. © Copyright 2018 NETMONASTERY Inc
  • 17. © Copyright 2018 NETMONASTERY Inc
  • 18. © Copyright 2018 NETMONASTERY Inc Thank You 18