Sqrrl Blog

Dec 7, 2016 12:15:08 PM

Threat Hunter Profile - Travis Barlow

Name: Travis Barlow

Organization: GoSecure

Years hunting: 7

Favorite datasets: Firewall/Switch/Server logs, DNS logs, Netflow Data

Favorite hunting techniques: Endpoint behavior analysis, DNS analysis

Favorite tools: Suricata, Wireshark, Bro, Grimm, Log Intrusion Detection tool sets

@Travis_R_Barlow

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Nov 23, 2016 8:00:00 AM

Threat Hunter Profile - Alan Orlikoski

Name: Alan Orlikoski

Organization: Oracle

Years hunting: 3

Favorite datasets: Network data (Bro), stacked Appcompat, shimcache, Windows Powershell event logs, bash shell history files

Favorite hunting techniques: Data traversal analysis, daily dynamic list creation, kill chain analysis

Favorite tools: Log Parser, CCF-VM, Logstash, Python, command line (grep, head, tail, sed, awk)

@AlanOrlikoski

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Nov 10, 2016 7:30:00 AM

The Hunter’s Den: Internal Reconnaissance (Part 2)

By Josh Liburdi, Security Technologist at Sqrrl, and George Aquila

In part 1 of this Hunter’s Den post we looked at the adversary tactic of internal reconnaissance, including the kinds of artifacts that may be left behind once internal reconnaissance has occurred on your network. In this post we look at the types of data and the hunting techniques you can use to hunt for the various kinds of internal reconnaissance.

Datasets to explore

Data is a critical component of hunting, and many different kinds of datasets can be useful depending on the type of hunt you are carrying out. For internal reconnaissance, two major data types are useful to a hunt: process execution metadata and network connection metadata.

Topics: Threat Hunting, Cyber Threat Hunting, Hunting How-To's, Hunter's Den

Nov 9, 2016 8:00:00 AM

Threat Hunter Profile - Matt Arnao

Name: Matt Arnao

Organization: Lockheed Martin

Years hunting: 5

Favorite datasets: Network sensor and security device logs, Windows events, application logs

Favorite hunting techniques: Pivoting, "over the horizon" data gathering, kill chain analysis

Favorite tools: Suricata, yara, Security Onion, jq

@mattarnao

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Nov 3, 2016 3:00:00 PM

The Hunter’s Den: Internal Reconnaissance (Part 1)

By Josh Liburdi, Security Technologist at Sqrrl, and George Aquila

As we laid out in our introduction, The Hunter’s Den blog series aims to go beyond framework and theory and dig into practical tips and techniques for threat hunting. This first post will focus on hunting for Internal Reconnaissance. Before we dive into the specifics of how to do this, let’s briefly review the two major models that we’ll be referencing over the course of the series.

The first is the Threat Hunting Loop, which outlines a process for threat hunting. As a loop, it is specifically meant to be repeated continually.

Topics: Threat Hunting, Cyber Threat Hunting, Hunting How-To's, Hunter's Den

Oct 26, 2016 8:00:00 AM

Threat Hunter Profile - Stephen Hinck

Name: Stephen Hinck

Organization: Oracle

Years hunting: 5

Favorite datasets: network logs (proxy, Bro, DNS, etc), process execution, and AV logs

Favorite hunting techniques: Stacking, kill chain analysis

Favorite tools: Command line utilities (grep, sed, awk), ELK stack, ELSA, FireEye TAP

@StephenHinck

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Oct 18, 2016 7:00:00 AM

Former AT&T CISO Ed Amoroso Interviews Sqrrl CTO Adam Fuchs

This was originally posted in conjunction with the 2017 TAG Cyber Annual Report. The full report can be downloaded here.

Hunting Down Cyber Attacks in Enterprises with Big Data

A promising shift in enterprise cybersecurity is the trend toward proactively hunting for security issues before they cause consequential damage. Previously, security analysis consisted of collecting data from gateway systems that passively watched as an attack occurred. That data was passed to analysts who, it was hoped, would recognize what was happening in time to initiate a response. Shifting to a more proactive approach offers hope that attacks can be stopped before they are completed.

Topics: Threat Hunting, Cyber Threat Hunting

Oct 17, 2016 12:40:58 PM

Threats Driving You Nuts? Try Threat Hunting With Sqrrl

By Pamela Cobb

This article originally appeared on the IBM Security Intelligence blog.

Squirrels have many predators and enemies (hawks, snakes and, of course, cars), but Sqrrl shows how the hunted can become the hunter. Sqrrl is a leading threat hunting platform that is deeply integrated with IBM QRadar SIEM.

Topics: Threat Hunting, Sqrrl Integrations

Oct 13, 2016 8:00:00 AM

Threat Hunter Profile - Danny Akacki

Name: Danny Akacki

Organization: Hunt Team for a Fortune 100 Company

Years hunting: 4

Favorite datasets: Proxy, Firewall, IDS, AV, endpoint logs

Favorite hunting techniques: Behavioral detection, breadth scoping, misconfiguration searching

Favorite tools: FireEye TAP, Splunk, Wireshark, Bro, Moloch, Security Onion

@DAkacki

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Oct 11, 2016 7:00:00 AM

Welcome to The Hunter’s Den: Tools, Tips, and Techniques for Threat Hunting

This is the first post in a new blog series we are calling The Hunter’s Den. Over the last nine months it has been exciting to see the concept of “threat hunting” take off. At the most recent Black Hat conference this past August, it was striking how many companies had begun to adopt threat hunting messaging. This mirrors the increasing interest we have seen around threat hunting, as illustrated by the Google Trends chart below.

Topics: Threat Hunting, Hunting Platform, Hunting How-To's