In this post I will explain the difference between UUID versions and which versions are best suited to different scenarios when modelling threat intelligence.
The Signals Corps blog
STIX 2.1 109: Choosing a UUID version to generate STIX Object IDs
Tutorials Stix December 12, 2022
CACAO Playbooks 104: Authoring
Tutorials Cacao December 12, 2022
In this post I will show you how to create a Playbook from scratch.
CACAO Playbooks 103: Integrations
Tutorials Cacao November 28, 2022
In this post I will look at integrating CACAO playbooks into other products (MISP) and other standards (STIX 2.1).
CACAO Playbooks 102: Building Workflows
Tutorials Cacao November 14, 2022
In this post I will show you how workflows inside a playbook can be created so you can start to construct your own.
CACAO Playbooks 101: Basic Structure
Tutorials Cacao October 31, 2022
In this post I will introduce the basic concepts of OASIS CACAO playbooks and how they can be used.
STIX 2.1 104.5: Creating Extension Schemas
Tutorials Stix October 17, 2022
In this post I will show you how I craft STIX schemas for STIX 2.1 Extensions.
MITRE ATT&CK 109: Sightings
Tutorials Att&ck August 22, 2022
In this bonus tutorial post I delve into MITRE’s ATT&CK Sightings initiative.
MITRE ATT&CK 108: My favourite talks from MITRE's ATT&CKCON 3.0
Tutorials Att&ck August 08, 2022
In this post I end the tutorial series with some real world examples of how ATT&CK is being used from the most recent ATT&CKCON.
MITRE ATT&CK 107: Integrating Workbench Data to Other Tools
Tutorials Att&ck July 25, 2022
In this post I will show you how to export and share your custom versions of ATT&CK.
MITRE ATT&CK 106: Using the Workbench to Create Custom Objects
Tutorials Att&ck July 11, 2022
In this post I will show you I will show you how to create new and and edit existing ATT&CK Objects.
MITRE ATT&CK 105: Threat Report ATT&CK Mapping (TRAM)
Tutorials Att&ck June 27, 2022
In this post I will show you how to turn unstructured data into structured threat intelligence with ATT&CK context.
MITRE ATT&CK 104: Using Navigator for Detection
Tutorials Att&ck June 13, 2022
In this post I will show you how to systematically improve up your defenses using the MITRE ATT&CK Navigator.
MITRE ATT&CK 103: Modelling Intelligence Using Navigator
In this post I will show you how to track ATT&CK Tactics and Techniques against intelligence reports using the ATT&CK Navigator.
MITRE ATT&CK 102: STIX 2.1 Customisation
In this post I review of all the Custom STIX 2.1 Objects and Properties used by the ATT&CK.
MITRE ATT&CK 101: Data Structure
In this post I take a look at how the framework is structured on STIX 2.1 Objects.
Sigma Rules 109: Translation to STIX Objects
Sigma Tutorials April 18, 2022
In this post I will explain why you might want to turn Sigma Rules into STIX Objects and show an example of how it could be done.
Sigma Rules 107: Sigmac
Tutorials Sigma March 21, 2022
In this post I will show you how to use Sigmac to automatically transform your Sigma Rules into other target query languages.
Sigma Rules 106: Writing Splunk detections in SPL
Tutorials Sigma March 07, 2022
In this post I will take a look at creating basic SPL searches for Splunk (and show a manual conversion of a Sigma rule to a Splunk Detection).
Sigma Rules 105: Writing Detections in Kusto for Microsoft Sentinel
Tutorials Sigma February 21, 2022
In this post I will take a look at creating basic Kusto rules for Microsoft Sentinel (and show a manual conversion of a Sigma rule to Kusto rule).
Sigma Rules 104: Writing Detections in YARA-L for Google Chronicle
Tutorials Sigma February 07, 2022
In this post I will take a look at creating basic YARA-L for Google Chronicle (and show a manual conversion of a Sigma rule to YARA-L format).
Sigma Rules 103: Writing Detections (Conditions)
Tutorials Sigma January 24, 2022
In this post I will dive into how to define conditions to create complex detection criteria for Sigma Rules.
Sigma Rules 102: Writing Detections (Search Identifiers)
Tutorials Sigma January 10, 2022
In this post I will dive into the details of Sigma detection logic and how to start writing more advanced rules.
Sigma Rules 101: Metadata and Logsources
Tutorials Sigma December 27, 2021
In this post I will introduce the structure of Sigma Rules and how to write attributes to support detection content
TAXII 2.1 105: TAXII Clients
Tutorials Taxii November 29, 2021
In this post I will show you a quick start guide to using Oasis’s open-source TAXII Client, cti-taxii-client.
TAXII 2.1 104: Medallion TAXII Server
Tutorials Taxii November 15, 2021
In this post I will show an open-source TAXII Server allowing you to quickly get up and running to share intelligence.
TAXII 2.1 103: Updating Objects in Collections
Tutorials Taxii November 01, 2021
In this post I will show intelligence producers how to add and remove STIX 2.1 Objects using a TAXII Server API.
TAXII 2.1 102: Consuming Objects in Collections
Tutorials Taxii October 18, 2021
In this post I will walk through how TAXII Clients logically consume cyber threat intelligence from Collections using a TAXII 2.1 API.
TAXII 2.1 101: TAXII Concepts
Tutorials Taxii October 04, 2021
In this post I will give you an introduction of TAXII 2.1 concepts to prepare you for the following posts in the tutorial series.
STIX 2.1 107: Tooling
Tutorials Stix August 23, 2021
In this post I will introduce you to a few tools that will help you create and manage STIX 2.1 content.
STIX 2.1 106: Bundling
Tutorials Stix August 09, 2021
In this post I will show you how to package your STIX Objects so that they can be shared with others and integrated with other software.
STIX 2.1 105: Versioning
In this post I will show you some best practices for modifying STIX Objects by implementing proper versioning.
STIX 2.1 104: Customisation
In this post I will talk about customising STIX Objects when the predefined specification does not meet the needs of a data creators.
STIX 2.1 103: Patterns
In this post I will deconstruct STIX Patterns and demonstrate how to write effective detection rules (aka patterns).
STIX 2.1 102: Relationships
In this post I will talk about how STIX 2.1 Objects can be connected to build a complete picture of a threat.
STIX 2.1 101: Objects
In this post I will introduce some of the basic STIX concepts with a focus on STIX 2.1 Domain Objects (SDOs).