Home
TCO Platform
Resources
Company
- About Us
- Careers
Request A Demo

Resources Blog

Resources

Blog
White Papers
Newsroom
Webinars & Events

Liran Ravich

Find me on:

Splunk and other SIEM detections for Follina, a clever MS-Office 0-day

Topics: News, Featured, Threat Management, MITRE ATT&CK, SecOps

Posted by Liran Ravich on June 1, 2022

Summary This blog post summarizes Follina, an RCE zero-day discovered in Microsoft Office. It provides recommended detections in the native query languages for Splunk, Microsoft Sentinel, IBM QRadar, ... Read More>>

Lapsus$ vs the world: SIEM detection rules with ATT&CK mapping

Topics: News, Featured, Threat Management, MITRE ATT&CK, SecOps

Posted by Liran Ravich on March 24, 2022

Image credit: World of Dictionary A new player has entered the game The ”Lapsus$” group, unknown before December 2021, has made multiple headlines in recent weeks, following multiple data breaches in ... Read More>>

All Posts

WHAT’S NEW

Featured

Why MITRE ATT&CK Has Taken Over the SOC World
Leveraging AI and Automation with MITRE ATT&CK to Eliminate Detection Coverage Gaps in Your SOC
SIEM Detections for Okta PassBleed (Splunk, Microsoft Sentinel, IBM QRadar, Sumo Logic)
Splunk and other SIEM detections for Follina, a clever MS-Office 0-day
Enterprise SIEMs Detect Fewer Than 5 of Top 14 MITRE ATT&CK Adversary Techniques Used in the Wild

See all