Lets Automate It

from Josh Rickard

Swimlane and Cylance PROTECT: Endpoint Threat Response

2019-10-18 swimlane Josh Rickard
Swimlane and Blackberry Cylance have partnered to offer a new use case that combines the power of security orchestration, automation and response (SOAR) with Cylance PROTECT’s integrated threat prevention solution. The Proactive Endpoint Threat Response use case utilizes our integration to take a proactive response to detections identified by Cylance PROTECT. By ingesting detections from Cylance PROTECT, Swimlane can automate and orchestrate the enrichment of detections using multiple open source intelligence (OSINT) platforms to identify malicious files proactively that are similar or related to a specific variant identified by Cylance. Continue reading
soar Cylance Endpoint

Understanding APIs: REST

2019-10-17 swimlane Josh Rickard
Security orchestration, automation and response (SOAR) platforms rely heavily on APIs (application programming interfaces) to drive orchestration of disparate security tools (products) and invoke desired responses in the form of actions. Besides SOAR products, APIs are commonplace among almost all services, tools, and products used by technical workers. Even though APIs are extremely common, you may not have experience using them or even know that a service has one when interacting with it. Continue reading
api rest

Vulnerability Management Program Best Practices

2019-08-15 swimlane Josh Rickard
Nowadays most organizations have begun to implement a Vulnerability Management Program (VMP), but implementing one is daunting. Most organizations realize they either have no true categorical ownership over systems or they lack the authority to enforce remediation of identified vulnerabilities. Either way, it is time consuming to track down and enforce a true VMP within many organizations. What is a Vulnerability Management Program? If you are new to implementing a VMP, then you first must understand what vulnerability management is. Continue reading
vulnerability management secops

Every Security Team Is a Software Team Now

2019-08-01 swimlane Josh Rickard
Building and facilitating a culture with continuous collaboration between engineers and security forces is becoming the new philosophy in security, which is why I am stoked for this year’s Black Hat USA keynote speaker: Dino Dai Zovi, staff security engineer at Square. “Every Security Team is a Software Team Now” promises to dive into the latest iteration of security operations as current security teams morph into in-house security software teams, delivering multi-vertical value through self-service platforms and tools. Continue reading
automation blackhat devops secops devsecops

Microsoft Defender Advanced Threat Detection Queries

2019-07-18 swimlane Josh Rickard
Recently, I shared on Twitter how you could run a query to detect if a user has clicked on a link within their Outlook using Microsoft Defender Advanced Threat Protection (MDATP). If you are not familiar, MDATP is available within your Microsoft 365 E5 license and is an enhancement to the traditional Windows Defender you might be used to. What is Microsoft Defender Advanced Threat Protection? Microsoft says that “Microsoft Defender Advanced Threat Protection is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. Continue reading
automation microsoft defender atp oauth2 python powershell tool

Swimlane's Research Teams Open Sources pyattck

2019-07-11 swimlane Josh Rickard
As security teams adopt the Mitre ATT&CK Framework to help them identify gaps in their defenses, having a way to identify what malware and tools are being used by specific actors or groups becomes more critical. Additionally, having a way to identify these relationships programatically is even more critical. Today, we are excited to announce the Swimlane research team has released pyattck — a Python package to interact with the Mitre ATT&CK Framework. Continue reading
automation MITRE python tool

Swimlane Open Sources graphish to Help SecOps Teams

2019-06-19 swimlane Josh Rickard
While having a conversation on Twitter about Microsoft Graph API I was convinced that the traditional Exchange eDiscovery features were not available in the Microsoft Graph API. Boy was I wrong. After stumbling across a few endpoints I had not seen previously, I decided to write a python package called graphish. graphish is an open-source python package Swimlane is open-sourcing that will enable IT, security operations (SecOps), developers and others to search and delete email messages from mailboxes using the Microsoft Graph API. Continue reading
automation exchange o365 python graph tool
Older posts Newer posts
© 2018 by Lednerb - RSS
Bilberry Hugo Theme