Previously, we compiled a number of useful JQ command routines for fast malware PCAP network...
Operating since 2008, the shadowy figure of Fancy Bear has emerged as a formidable force in the...
In a previous blog post, we compiled a number of useful JQ command routines for fast malware PCAP...
If you have ever worked for a large enterprise, then you may be familiar with the term “enterprise...
When a threat researcher is investigating malware behavior and traces on the network, they need a...
Back in 2022, I did a Suricon presentation titled Jupyter Playbooks for Suricata. This led into a...
In our past series, “Threat! What Threats?” we covered the topic of phishing in a generic way, but...
Visualizing network security logs or data is a crucial aspect of effectively analyzing and...
Today I am thrilled to share some incredible news. It is with great excitement and pride that I...
This week’s guided threat hunting blog focuses on hunting for high-entropy NRD (newly registered...
Every day, new Internet domains are registered through the Domain Name System (DNS) as a natural...
One of the unique innovations in the Stamus Security Platform is the feature known as Declaration...
Have you ever counted how many computer devices, smart IoT gadgets, TVs, kitchen appliances,...
Yesterday (18-July-2023) the OISF announced the general availability of Suricata version 7. It’s...
When an organization wants to learn more about the tactics, techniques, and procedures (TTP) used...
In the past few blog posts, we have discussed at length the importance of creating a comprehensive...
The cyber kill chain is a widely-used framework for tracking the stages of a cyber attack on an...
On 15-June-2023 the OISF announced a new release of Suricata (6.0.13) which fixes a potential...
Endpoint security is one of the most common cybersecurity practices used by organizations today....
Network security plays a crucial role in today's digital landscape as it safeguards sensitive...
Cyber threats are becoming increasingly sophisticated and pervasive, causing organizations to place...
Are you looking to improve your threat hunting and network based forensic analysis skills with...
Threat hunting is a common practice for many mature security organizations, but it can be time...
Writing Suricata rules has never been easier or faster since the release of the Suricata Language...
Earlier this week, we introduced the second set of visualizations provided by the SN-Hunt-1 Kibana...
Last week, we introduced the first set of visualizations provided by the SN-Hunt-1 Kibana dashboard...
This is the third post in a series based on my Suricon 2022 talk “Jupyter Playbooks for Suricata”....
Today, we announced the general availability of Update 39 (U39) - the latest release of the Stamus...
Recently, we released a blog post detailing how you can solve the Unit 42 Wireshark quiz for...
A couple of weeks ago, we covered how Stamus Security Platform (SSP) users can harness the power of...
This blog describes how to solve the Unit 42 Wireshark quiz for January 2023 with SELKS instead of...
Stamus Security Platform (SSP) users can now integrate the Malware Information Sharing Platform...
Intrusion Detection Systems (IDS) can be powerful threat detection tools, but IDS users frequently...
This is the second post in a series that will be based on my Suricon 2022 talk “Jupyter Playbooks...
In a recent conversation, one of our customers shared their concerns about the use of ChatGPT in...
This blog describes the steps Stamus Networks customers may take to determine if any of your...
This is the first post in a series that will be based on my Suricon 2022 talk “Jupyter Playbooks...
Because cybersecurity teams face numerous threats from bad actors that are continually devising new...
When it comes to cyber threats, we understand that a threat to one organization can quickly become...
This week’s guided threat hunting blog focuses on verifying a policy enforcement of domain...
Maintaining an effective security posture is difficult enough for any organization. But for those...
A while back I wrote a blog post about a packet filtering subcommand I implemented into GopherCAP....
As we celebrate the beginning of another new year, we’d like to take a glimpse back at the news,...
It is not uncommon to see executable file transfers within an organization. However, it is...
BlackHat Europe 2022 was the last conference of an eventful year for our team at Stamus Networks....
2022 is coming to an end, and as we wrap up another great year at Stamus Networks I wanted to take...
SELKS is a turnkey Suricata-based IDS/IPS/NSM ecosystem that combines several free, open-source...
When you already know the specific attacks faced by your organization, then the basic detection...
Punycode domains have traditionally been used by malware actors in phishing campaigns. These...
Just a few weeks after our last event, Suricon 2022, Stamus Networks is heading off to London for...
The latest version (1.0.1) of the Stamus App for Splunk adds TLS cipher suite analysis. Conducting...
Intrusion detection systems (IDS) function incredibly well when it comes to making signature based...
Last week our team was in Athens for the biggest Suricata conference this year - Suricon 2022. The...
As we celebrate the first week after launching our new book “The Security Analyst’s Guide to...
When you see a domain request from a user/client to a non-local or otherwise unfamiliar or...
This blog describes the steps Stamus Networks customers may take to determine if any of your...
TL;DR
Stamus Networks uses OpenSSL in the Stamus Security Platform (SSP) as well as our open source
Non-local domain requests from the user/client network could signal trouble for an organization....
Each year, Suricon attracts visitors from all over the world for three days of knowledge sharing...
DNS over HTTPS (DoH) is a network protocol used to protect the data and privacy of users by...
Command-and-control (C2) attacks are bad news for any organization. Attackers use C2 servers to...
Plain text executables (such as those downloaded from a PowerShell user agent) are often seen on...
Intrusion detection systems (IDS) have proven to be a highly effective and commonly used method of...
This week in our series on guided threat hunting, we are focusing on locating internal use of...
This week’s guided threat hunting blog focuses on hunting for foreign domain infrastructure usage...
This week’s guided threat hunting blog focuses on hunting for Let’s encrypt certificates that were...
In this week’s guided threat hunting blog, we will focus on hunting for Let’s Encrypt certificates...
In this week’s guided threat hunting blog, we focus on using Stamus Security Platform to identify...
This week’s threat detection blog dives deeper into a common type of malware, remote access trojans...
In this week’s guided threat hunting blog, we focus on using Stamus Security Platform to uncover...
In this week’s threat detection blog, we will be reviewing a financially-motivated threat that is...
This week’s guided threat hunting blog focuses on a specific policy violation - the use of...
This week we are taking a closer look at Shadow IT, which is the use of information technology by...
This week’s guided threat hunting blog focuses on policy violations; specifically, violations...
For week 2 of our series on guided threat hunting, we will be reviewing a hunting technique to...
Last week Stamus Networks participated in BlackHat USA 2022, an international cybersecurity...
So, what’s next? You’ve had a successful hunt, uncovered some type of threat or anomalous behavior...
In addition to deploying advanced detection technologies, many security teams make threat hunting...
Stamus Security Platform is loaded with features that help security teams leverage network traffic...
Phishing is commonly regarded as the most common and effective way attackers can gain access into a...
In this article, we will review one of the most important and critical phases on the cyber kill...
One of the first network-related indications of a botnet or peer-to-peer (P2P) malware infection is...
In this article I want to highlight one of the tactics used by malicious actors to move within your...
In the first article of this series -- Threats! What Threats? -- I mentioned that my colleague,...
When the leadership team at Stamus Networks sat down to discuss our core principles we had to...
When a company decides to capture its core principles, it is important to set expectations on how...
In this series of articles we share hands-on experience from active hunts in the real world. We...
When the leadership team at Stamus Networks got together to capture the core principles of our...
In developing our core principles, the leadership team at Stamus Networks discussed the way we view...
Trust is the foundation of any working relationship. Without it, two organizations cannot amicably...
The world of cybersecurity is rapidly changing and enterprises have to quickly adapt in order to...
RSA Conference San Francisco is back in June 2022 and we are excited to once again be a part of one...
Successful businesses need to maintain a transparent framework which guides their daily practices....
The International Cybersecurity Forum (FIC) is an annual event focused on the operational...
When someone sees a great product, the reaction is often the same. Customers frequently consider...
Today I want to give you a brief tour of what’s new in Update 38 of the Stamus Security Platform...
Perhaps the most exciting thing about the release of SELKS 7 is the various practical applications...
This series introduces SELKS 7, the latest update to the free, open-source, turn-key Suricata based...
In this series, you will get an overview of the SELKS 7 platform, the new updates and functionality...
Existing systems that aggregate network security alerts and metadata do not properly detect and...
With two Cyber Security Summits already behind us, we are ready for the next one. On 7 April 2022,...
On 25 March 2022, my colleague Ed Mohr and I will be attending the Cyber Security Summit in...
In the first article of this series –Threats! What Threats? – I mentioned that my colleague, Steve...
We talk often about “threats” and “threat detection” in our marketing materials and in discussions...
Re-Introduction to PCAP Replay and GopherCAP
A while back we introduced GopherCAP, a simple tool...
This week my colleagues Phil Owens, Charlie Provenza and I will be attending and sponsoring our...
In this series of articles, we explore a set of use cases that we have encountered in real-world...
Security monitoring is perhaps the least discussed element of a Zero Trust strategy
Over the past...
In the previous article of the “Feature Spotlight” series, we discussed how to pivot from IDS alert...
Sometimes, even after extensive training, we forget about important features or ways of using a...
Following the 10-December-2021 announcement of (CVE-2021-44228), Log4shell scanners have begun to...
So, you are considering migrating your legacy or aging intrusion detection and prevention system...
So, you are considering migrating your legacy or aging intrusion detection and prevention system...
Regular readers of this blog and friends of Stamus Networks will know that we are very closely...
Extended detection and response, or XDR, has generated substantial interest in recent years - and...
On 16 November 2021, my colleague Ed Mohr and I will be giving our second talk entitled “The Case...
Believe it or not, you can launch a turnkey Suricata IDS/IPS/NSM installation – with as few as 4...
The importance of having a strong security team has been growing in recent years, and many...
Next week, Stamus Networks will participate for the first time in SecurityCON, a virtual...
At next week's Suricon 2021, I'll be sharing real world examples of how a new Splunk App can help...
As I mentioned in the introductory article in this series (see here >>), Suricata produces not only...
On 12 October 2021, my colleague Ed Mohr and I will be giving a talk entitled “The Case for...
On 6 October 2021, I’ll be giving a talk entitled “Data Mining TLS Network Traffic.” This is...
Here at Stamus Networks, we are strongly committed to open-source and believe that ease of use has...
When the blue team needs to mount a network defense, they must answer some very common questions:
- ...
In my last blog article, I introduced some of the factors that have contributed to our successes...
Last month, I posted a blog article (Read it here >>) that introduced the new capabilities of our...
In cybersecurity as soon as you stand still, you’re falling behind. Change, whether it’s in the...
Hello and welcome to my first blog article here at Stamus Networks. My name is Phil Owens and I am...
Suricata, the open source intrusion detection (IDS), intrusion prevention (IPS), and network...
Stamus Security Platform (SSP) helps bank identify threat to its accounting network
With the help...
In this series of articles, we explore a set of use cases that we have encountered in real-world...
Recently, Stamus Networks introduced outgoing webhook capabilities to its Stamus Security Platform....
Background
As we have previously written, for all Suricata’s capabilities, building out an...
Background
As we have previously written, for all Suricata’s capabilities, building out an...
Background
As we have previously written, for all Suricata’s capabilities, building out an...
For all Suricata’s capabilities, building out an enterprise-scale deployment of Suricata with...
Exciting news - the OISF just announced that Suricata 6 is now available. This is the culmination...
Cyber security and IT executives today are facing unprecedented challenges: new and increasingly...
Threat hunting—the proactive detection, isolation, and investigation of threats that often evade...
In this series of articles, we will explore a set of use cases that we have encountered in...
Stamus Networks? They are the Suricata company aren’t they? And Suricata? It’s an open source IDS...
As mentioned in an earlier article, organizations seeking to identify cyber threats and mitigate...
Organizations seeking to proactively identify and respond to cyber threats in order to mitigate...
Sometimes the greatest vulnerabilities and risks an organization faces are created by users'...
Today we announced the general availability of Scirius Threat Radar (now called Stamus NDR), a...
Every great story begins with the first chapter. And with each new chapter the characters develop...
SELKS 6 is out!
If you are still teleworking, you may wish to test and deploy this new edition to...
SELKS 5 is out! Thank you to the whole community for your help and feedback! Thank you to all the...
Hi! Yet another upgrade of our SELKS. We are very thankful to all the great Open Source projects and...
Hey! Our new and upgraded showcase for Suricata has just been released - SELKS5 Beta. Thanks to...
Following the release of Scirius Community Edition 2.0, Stamus Networks is happy to announce the...
Stamus Networks is proud to announce the availability of Scirius Community Edition 2.0. This is the...
This first edition of SELKS 4 is available from Stamus Networks thanks to a great and helpful...
After a very valuable round of testing and feedback from the community we are pleased to announce...
Stamus Networks is proud to announce the availability of Scirius 1.2.0. This release of our...
Yes, we did it: the most awaited SELKS 3.0 is out. This is the first stable release of this new...
Stamus Networks is proud to announce the availability of version 1.0, nicknamed "glace à la...
After some hard team work, Stamus Networks is proud to announce the availability of SELKS 3.0RC1.
Stamus Networks is proud to announce the availability of Scirius 1.1.6. This new release brings...
Stamus Networks is proud to announce the availability of the first technology preview of Amsterdam.
Stamus Networks team is proud to announce the availability of Scirius 1.1. This new release brings...
Introduction
This is a short tutorial of how you can find and store to disk a self signed TLS...
Stamus Networks is proud to announce the availability of SELKS 2.0 release.
Stamus Networks is proud to announce the availability of Scirius 1.0. This is the first stable...
Stamus Networks is proud to announce the availability of the third release candidate of Scirius...
Stamus Networks is proud to announce the availability of SELKS 2.0 BETA1 release. With Jessie...
Stamus Networks is proud to announce the availability of the second release candidate of Scirius...
Introduction
Elasticsearch and Kibana are wonderful tools but as all tools you need to know their...
Stamus Networks is proud to announce the availability of SELKS 1.1 stable release. SELKS is both...
Stamus Networks supports its own generic and standard Debian Wheezy 64 bit packaging repositories...
After giving a talk about malware detection and suricata, Eric Leblond gave a lightning talk to...
Stamus Networks is proud to announce the availability of SELKS 1.0 stable release. SELKS is both...
Stamus Networks is proud to announce the availability of SELKS 1.0 RC1. This is the first release...
Stamus Networks is proud to announce the availability of the version 0.8 of Scirius, the web...
Thanks to the EVE JSON events and alerts format that appear in Suricata 2.0, it is now easy to...
The Ubuntu used in this tutorial:
I've given a talk entitled "Suricata 2.0, Netfilter and the PRC" at the Hackito Ergo Sum conference.
This is the first blog post on Stamus Networks technical blog. You will find here posts focused on...