Blog

The Signals Corps blog

• 

  STIX 2.1 109: Choosing a UUID version to generate STIX Object IDs

  Tutorials Stix December 12, 2022

  In this post I will explain the difference between UUID versions and which versions are best suited to different scenarios when modelling threat intelligence.

  Read More
• 

  CACAO Playbooks 104: Authoring

  Tutorials Cacao December 12, 2022

  In this post I will show you how to create a Playbook from scratch.

  Read More
• 

  CACAO Playbooks 103: Integrations

  Tutorials Cacao November 28, 2022

  In this post I will look at integrating CACAO playbooks into other products (MISP) and other standards (STIX 2.1).

  Read More
• 

  CACAO Playbooks 102: Building Workflows

  Tutorials Cacao November 14, 2022

  In this post I will show you how workflows inside a playbook can be created so you can start to construct your own.

  Read More
• 

  CACAO Playbooks 101: Basic Structure

  Tutorials Cacao October 31, 2022

  In this post I will introduce the basic concepts of OASIS CACAO playbooks and how they can be used.

  Read More
• 

  STIX 2.1 104.5: Creating Extension Schemas

  Tutorials Stix October 17, 2022

  In this post I will show you how I craft STIX schemas for STIX 2.1 Extensions.

  Read More
• 

  MITRE ATT&CK 109: Sightings

  Tutorials Att&ck August 22, 2022

  In this bonus tutorial post I delve into MITRE’s ATT&CK Sightings initiative.

  Read More
• 

  MITRE ATT&CK 108: My favourite talks from MITRE's ATT&CKCON 3.0

  Tutorials Att&ck August 08, 2022

  In this post I end the tutorial series with some real world examples of how ATT&CK is being used from the most recent ATT&CKCON.

  Read More
• 

  MITRE ATT&CK 107: Integrating Workbench Data to Other Tools

  Tutorials Att&ck July 25, 2022

  In this post I will show you how to export and share your custom versions of ATT&CK.

  Read More
• 

  MITRE ATT&CK 106: Using the Workbench to Create Custom Objects

  Tutorials Att&ck July 11, 2022

  In this post I will show you I will show you how to create new and and edit existing ATT&CK Objects.

  Read More
• 

  MITRE ATT&CK 105: Threat Report ATT&CK Mapping (TRAM)

  Tutorials Att&ck June 27, 2022

  In this post I will show you how to turn unstructured data into structured threat intelligence with ATT&CK context.

  Read More
• 

  MITRE ATT&CK 104: Using Navigator for Detection

  Tutorials Att&ck June 13, 2022

  In this post I will show you how to systematically improve up your defenses using the MITRE ATT&CK Navigator.

  Read More
• 

  MITRE ATT&CK 103: Modelling Intelligence Using Navigator

  Tutorials Att&ck May 30, 2022

  In this post I will show you how to track ATT&CK Tactics and Techniques against intelligence reports using the ATT&CK Navigator.

  Read More
• 

  MITRE ATT&CK 102: STIX 2.1 Customisation

  Tutorials Att&ck May 16, 2022

  In this post I review of all the Custom STIX 2.1 Objects and Properties used by the ATT&CK.

  Read More
• 

  MITRE ATT&CK 101: Data Structure

  Tutorials Att&ck May 02, 2022

  In this post I take a look at how the framework is structured on STIX 2.1 Objects.

  Read More
• 

  Sigma Rules 109: Translation to STIX Objects

  Sigma Tutorials April 18, 2022

  In this post I will explain why you might want to turn Sigma Rules into STIX Objects and show an example of how it could be done.

  Read More
• 

  Sigma Rules 107: Sigmac

  Tutorials Sigma March 21, 2022

  In this post I will show you how to use Sigmac to automatically transform your Sigma Rules into other target query languages.

  Read More
• 

  Sigma Rules 106: Writing Splunk detections in SPL

  Tutorials Sigma March 07, 2022

  In this post I will take a look at creating basic SPL searches for Splunk (and show a manual conversion of a Sigma rule to a Splunk Detection).

  Read More
• 

  Sigma Rules 105: Writing Detections in Kusto for Microsoft Sentinel

  Tutorials Sigma February 21, 2022

  In this post I will take a look at creating basic Kusto rules for Microsoft Sentinel (and show a manual conversion of a Sigma rule to Kusto rule).

  Read More
• 

  Sigma Rules 104: Writing Detections in YARA-L for Google Chronicle

  Tutorials Sigma February 07, 2022

  In this post I will take a look at creating basic YARA-L for Google Chronicle (and show a manual conversion of a Sigma rule to YARA-L format).

  Read More
• 

  Sigma Rules 103: Writing Detections (Conditions)

  Tutorials Sigma January 24, 2022

  In this post I will dive into how to define conditions to create complex detection criteria for Sigma Rules.

  Read More
• 

  Sigma Rules 102: Writing Detections (Search Identifiers)

  Tutorials Sigma January 10, 2022

  In this post I will dive into the details of Sigma detection logic and how to start writing more advanced rules.

  Read More
• 

  Sigma Rules 101: Metadata and Logsources

  Tutorials Sigma December 27, 2021

  In this post I will introduce the structure of Sigma Rules and how to write attributes to support detection content

  Read More
• 

  TAXII 2.1 105: TAXII Clients

  Tutorials Taxii November 29, 2021

  In this post I will show you a quick start guide to using Oasis’s open-source TAXII Client, cti-taxii-client.

  Read More
• 

  TAXII 2.1 104: Medallion TAXII Server

  Tutorials Taxii November 15, 2021

  In this post I will show an open-source TAXII Server allowing you to quickly get up and running to share intelligence.

  Read More
• 

  TAXII 2.1 103: Updating Objects in Collections

  Tutorials Taxii November 01, 2021

  In this post I will show intelligence producers how to add and remove STIX 2.1 Objects using a TAXII Server API.

  Read More
• 

  TAXII 2.1 102: Consuming Objects in Collections

  Tutorials Taxii October 18, 2021

  In this post I will walk through how TAXII Clients logically consume cyber threat intelligence from Collections using a TAXII 2.1 API.

  Read More
• 

  TAXII 2.1 101: TAXII Concepts

  Tutorials Taxii October 04, 2021

  In this post I will give you an introduction of TAXII 2.1 concepts to prepare you for the following posts in the tutorial series.

  Read More
• 

  STIX 2.1 107: Tooling

  Tutorials Stix August 23, 2021

  In this post I will introduce you to a few tools that will help you create and manage STIX 2.1 content.

  Read More
• 

  STIX 2.1 106: Bundling

  Tutorials Stix August 09, 2021

  In this post I will show you how to package your STIX Objects so that they can be shared with others and integrated with other software.

  Read More
• 

  STIX 2.1 105: Versioning

  Tutorials Stix July 26, 2021

  In this post I will show you some best practices for modifying STIX Objects by implementing proper versioning.

  Read More
• 

  STIX 2.1 104: Customisation

  Tutorials Stix July 12, 2021

  In this post I will talk about customising STIX Objects when the predefined specification does not meet the needs of a data creators.

  Read More
• 

  STIX 2.1 103: Patterns

  Tutorials Stix June 28, 2021

  In this post I will deconstruct STIX Patterns and demonstrate how to write effective detection rules (aka patterns).

  Read More
• 

  STIX 2.1 102: Relationships

  Tutorials Stix June 14, 2021

  In this post I will talk about how STIX 2.1 Objects can be connected to build a complete picture of a threat.

  Read More
• 

  STIX 2.1 101: Objects

  Tutorials Stix May 31, 2021

  In this post I will introduce some of the basic STIX concepts with a focus on STIX 2.1 Domain Objects (SDOs).

  Read More