
Liran Ravich

Recent Posts

Splunk and other SIEM detections for Follina, a clever MS-Office 0-day

Topics: News, Featured, Threat Management, MITRE ATT&CK, SecOps

Posted by Liran Ravich on June 1, 2022

Summary: This blog post summarizes Follina, an RCE zero-day discovered in Microsoft Office. It provides recommended detections in the native query languages for Splunk, Microsoft Sentinel, IBM QRadar, ...

Lapsus$ vs the world: SIEM detection rules with ATT&CK mapping

Topics: News, Featured, Threat Management, MITRE ATT&CK, SecOps

Posted by Liran Ravich on March 24, 2022

[Image credit: World of Dictionary]

A new player has entered the game

The "Lapsus$" group, unknown before December 2021, has made multiple headlines in recent weeks, following multiple data breaches in ...