Steve Cooper

@blueteamsteve.bsky.social

Cyber security, detection engineering, threat intelligence, SecOps and automation AI/ML. Scottish.

258 Followers  |  923 Following  |  12 Posts  |  Joined: 06.11.2024  |  1.6103

Latest posts by blueteamsteve.bsky.social on Bluesky

Should a detection engineering team be expected to have detection engineering requirements similar to a cti team?

Would it add value or friction?

29.11.2024 19:49 — 👍 3    🔁 0    💬 0    📌 0

Nice, had not seen that one before. I like the hand drawn look!

29.11.2024 13:41 — 👍 2    🔁 0    💬 0    📌 0

na my bad, thought you were subtweeting something! It's a nuanced subject for 240 chars!

29.11.2024 11:54 — 👍 2    🔁 0    💬 0    📌 0

What tools are people using for threat intelligence diagrams these days? Are there any cool AI diagramming tools out now?

I typically use draw io since it's free but I'm a lackluster designer so need all the help I can get!

29.11.2024 11:53 — 👍 0    🔁 0    💬 1    📌 0

My comment was in relation to the paper that has been recently shared around social media. I think you're right that it's about outcomes not metrics.

www.computer.org/csdl/proceed...

28.11.2024 15:03 — 👍 0    🔁 0    💬 2    📌 2

Saw a study saying the same. Not sure I agreed with their methodology

Very hard thing to measure since major incidents are a sparse dataset in single companies. Even meta analysis is difficult because extracting only impact of phishing training out of entire transformation program is impossible

28.11.2024 13:52 — 👍 0    🔁 0    💬 1    📌 0

Fantastic write up. Some really interesting tradecraft and the definition of APT.

But also highlights some foundational detections all orgs should have around suspicious process locations, cred access, etc.

Even using sophisticated techniques most attackers still leave tracks!

22.11.2024 20:33 — 👍 1    🔁 0    💬 1    📌 0

I use and like both but lean towards Windows these days. Better ui and window management, file mgt, games.

Mac did make using Linux tools, docker and devops tooling easier. However WSL solves that now.

I still like my M1's battery life and cool running! M4 max looks awesome for local LLM too!

22.11.2024 20:08 — 👍 1    🔁 0    💬 0    📌 0

Good blog!

All comes down to really understanding your org, data and use case. And expectations on recall versus precision.

Also not every use case needs to run hourly. Longer windows and schedules may actually be better for analytics focused detections and avoid the lag problem entirely.

21.11.2024 14:05 — 👍 2    🔁 0    💬 1    📌 0

Someone really has the knives out for Google!

Feels destructive and lacking clear understanding of the market. Search is about to get disrupted big time.

21.11.2024 13:33 — 👍 0    🔁 0    💬 0    📌 0

Yea vital to have good knowledge of search languages. Most big orgs will be Splunk SPL or Sentinel KQL.

Sigma and uncoder.io are great!

13.11.2024 10:38 — 👍 1    🔁 0    💬 0    📌 0

If you wanted to help someone go zero to hero as a detection engineer what resources would you suggest?

13.11.2024 09:41 — 👍 0    🔁 0    💬 1    📌 0

@blueteamsteve is following 19 prominent accounts