@timb_machine I kind of like your post about how you threat model for customers in Cisco, it would be cool if you then extended the service to provide #OpenTide mapped threat graphs mapped to detections for them, as (some unnamed consulting houses) are doing.
@timb_machine One day when we read links like br0k3nlab.com/resources/axioms-of-secu... people will have read the #OpenTide white paper and realized how it changes the conversation about #detectioncoverage but this day was not today.
@infosecb thanks for adding #OpenTide to the awesome list!
This #detection #SOC post #detectfyi is very good, and I agree fully up to a point. Where my opinion, and #OpenTIDE, starts to diverge is for the final paragraph on coverage discussions and documentation. It's possible to do better than this now. And detection depth as a number of detection points […]
RE: https://infosec.exchange/@cR0w/115231138483939791
Don't you wish we could also collaborate defensively, become force multipliers for each other?
We can. Check out #OpenTIDE
#DetectionEngineering #OpenTIDE
So #Cloudot will help you empirically map attack telemetry, create it and allow you to try to test your detections also
Now Itay Gabbay releases Cloudot, a tool to help you with #DetectionEngineering in cloud.
The tool looks like a serious chunk out of the #OpenTIDE backlog!
@logwyrm add #OpenTIDE in the mix and deploy as code :)
@joshbressers you run the opensourcesecurity podcast then? Nice! Did you consider doing an episode on #OpenTIDE?
@nopatience Sounds great. Now, for detection logic, if this gets shared as #OpenTIDE format, then some extra benefits accrue.
If you're #purpleteam'ing without #OpenTIDE, why don't you want your work to be actionable for your #SOC #DetectionEngineering :P
This is pretty HUGE news #OpenTIDE and #DetectionEngineering in general! www.linkedin.com/posts/andriimb_weve-just...
From @BSidesLV 2024 -> Ezz uses ML to cluster events without any performance impact on the SIEM and using Attack Flows to help identify the right elements to try to cluster:
www.youtube.com/watch
This will work excellently […]
Please, everyone interested in #SOC or #DetectionEngineering, read this by @letswastetime; it's a fantastic post: dispatch.thorcollective.com/p/detection-in-depth
I can only think of one thing missing, which is the actual enumeration of threat vectors and how they chain together to allow […]
This post by Jamie Williams on the THOR Dispatch collective dispatch.thorcollective.com/p/see-evil-thrunt-evil-m... See Evil, Thrunt Evil – Modelling Behaviors is a Critical Thrunting Prerequisite is very correct in that it says you need to not look at threat actor […]