About Tonio

Tonio

Hello, I have just found a number of collaborators accounts on our SOAR platform been disabled. Since nobody from my team did this, I suppose some kind of conditions were matched, like long absence or similar.Is there a way to know what these conditi...

Tonio

Hello everyone,We activated most of the curated detection rules that are available within SecOps SIEM (about 150 of them), but we are receiving close to none alerts from them (only one or two have been triggered so far). For how much I whish to think...

Tonio · 05-27-2024

Hello everybody!A client requested to inject "Sharepoint" into their SIEM instance so, as usual, the first thing I have done was to check with the supported log type list. Here I can find, as supporter but not available: "Microsoft SharePoint - SHARE...

Tonio · 05-13-2024

Hello everyone,I am trying to develop a new integration/action, and from the IDE documentation I see the 'SiemplifyAction' library, much useful to extrapolate and work with info from the case/alerts. From these pages I see details on its modules but ...

Tonio · 04-10-2024

Hello everyone,I am having a quite hard time trying to parse a MalwareByte logs in CEF + KV format, since the kv pairs are separated by a simple space and several values contains spaces as well. Here a (reconstructed) example: <13>Apr 8 14:59:06 cerc...

Tonio

I see! Thanks for your replies everyone!A 

Tonio · 05-27-2024

Many thanks @manthavish!May I ask you also some more insights about this? Since I have no familiarity with this product, how much should I concern myself about not-auditing logs? Would I find relevant security-related info also in those? Thanks again...

Tonio · 05-21-2024

Those are quite the good hints. Thanks Moseis, I will definitely dive in them.A

Tonio · 04-10-2024

That's great @mikewilusz! thanks so much for the fast solution. So it cames out that the capturing group functions are available, do you confirm? I must have misread about it!Many thanks again! A

Tonio · 03-07-2024

That's just the customer request. I am kind of understanding that's the best way to go by a long shot, so I will try to push it.Still, it would be good to know if there is a different way, as a general knowledge.thanksA

My Stats

Tonio's Bio

Badges Tonio Earned

Recent Activity

What are the triggers that automatic disable SOAR accounts?

Better understanding of curated detection rules

Sharepoint parser or not?

Is there any SiemplifyAction library classes/objects list?

Parsing CEF format or other fields containing separator character within

Re: What are the triggers that automatic disable SOAR accounts?

Re: Sharepoint parser or not?

Re: Is there any SiemplifyAction library classes/objects list?

Re: Parsing CEF format or other fields containing separator character within

Re: Ingesting Windows logs into Chronicle