February 21, 2024

Announcing Leadership Changes at Cosive: Farewell to Kayne Naughton and Welcome Scott Ceely

We wanted to take a moment today to update our community of past and present customers, as well as our professional and personal networks, on recent changes to the Cosive board.

February 21, 2024

Getting More Out of MISP and Microsoft Sentinel

Typically, SecOps analysts will have many daily routines, one of which will be to check their favourite Threat Intelligence Platforms, read the latest threats and note down any that are worthy of attention. Next, they’ll add those threats to their central log analysis and alerting platform (e.g. Microsoft Sentinel) as something to look for. Depending on how many feeds analysts are watching and how active the bad actors are, this can be a very time-consuming process. Granted, an important one, but still time-consuming. Wouldn't it be nice if we could save the planet one tree at a time by doing away with all the post-it notes with one-off IP addresses and domain names? Could we get MISP and Microsoft Sentinel to talk directly without wasting analyst time?

February 26, 2024

A Tale of Two Systems: How We Integrated MISP with AssemblyLine

MISP has a lot of strengths, but it’s not a malware analysis service in its own right. It does deal with file hashes day in and day out, though. While you can add malicious file samples to MISP, we advise against it, both to keep analysts from making mistakes and to practise good network hygiene. So, we wanted to add another screwdriver to MISP’s toolbox.

February 21, 2024

The Opportunity Cost of Self-hosting MISP

A term with origins in macroeconomics, opportunity cost is the hidden cost of choosing one course of action over another, when both cannot be chosen at the same time. Opportunity costs are not always financial. For example, the opportunity cost of playing video games instead of going for a hike is the benefits you’d have likely gained from hiking, such as improved fitness and mental health. Security teams also incur opportunity costs whenever they pick one way to spend their time and resources over another. The opportunity cost of self-hosting and maintaining MISP is the additional time and brainpower teams could have otherwise spent gathering and leveraging usable threat intelligence and enhancing their organisation’s security posture.

February 26, 2024

Assemblyline 4 Services: A Guided Tour

Assemblyline 4 is a popular open-source private malware repository. Arguably the most powerful feature of Assemblyline 4 is the capability to chain services together for comprehensive and highly customisable artifact triage and analysis. Each Assemblyline service performs a specific function (similar to the “microservices” pattern often used in software architecture). These services can be chained together to process files, extract relevant information, and evaluate potential threats. In this guide, we’ll dive into Assemblyline’s most useful managed (built-in) services you can incorporate into your analysis workflows.