February 21, 2024

Getting More Out of MISP and Microsoft Sentinel

Typically, SecOps analysts will have many daily routines, one of which will be to check their favourite Threat Intelligence Platforms, read the latest threats and note down any that are worthy of attention. Next, they’ll add those threats to their central log analysis and alerting platform (e.g. Microsoft Sentinel) as something to look for. Depending on how many feeds analysts are watching and how active the bad actors are, this can be a very time-consuming process. Granted, an important one, but still time-consuming. Wouldn't it be nice if we could save the planet one tree at a time by doing away with all the post-it notes with one-off IP addresses and domain names? Could we get MISP and Microsoft Sentinel to talk directly without wasting analyst time?

February 26, 2024

A Tale of Two Systems: How We Integrated MISP with AssemblyLine

MISP has a lot of strengths, but it’s not a malware analysis service in its own right. It does deal with file hashes day in and day out, though. While you can add malicious file samples to MISP, we advise against it to make sure analysts don’t make mistakes and practise good network hygiene. So, we wanted to add another screwdriver to MISP’s toolbox.

February 21, 2024

The Opportunity Cost of Self-hosting MISP

A term with origins in macroeconomics, opportunity cost is the hidden cost of choosing one course of action over another, when both cannot be chosen at the same time. Opportunity costs are not always financial. For example, the opportunity cost of playing video games instead of going for a hike is the benefits you’d likely have gained from hiking, such as improved fitness and mental health. Security teams also incur opportunity costs whenever they pick one way to spend their time and resources over another. The opportunity cost of self-hosting and maintaining MISP is the additional time and brainpower teams could have otherwise spent gathering and leveraging usable threat intelligence and enhancing their organisation’s security posture.

February 26, 2024

Assemblyline 4 Services: A Guided Tour

Assemblyline 4 is a popular open-source private malware repository. Arguably the most powerful feature of Assemblyline 4 is the capability to chain services together for comprehensive and highly customisable artifact triage and analysis. Each Assemblyline service performs a specific function (similar to the “microservices” pattern often used in software architecture). These services can be chained together to process files, extract relevant information, and evaluate potential threats. In this guide, we’ll dive into Assemblyline’s most useful managed (built-in) services you can incorporate into your analysis workflows.

February 26, 2024

The Rise in Unique Malware & How to Defend Against It

While commodity malware is designed for general use against a broad range of targets, unique malware is designed for specific, targeted attacks against an organisation, facility, or individual. Unfortunately, the use of unique malware appears to be on the rise, with the latest BlackBerry Quarterly Global Threat Intelligence Report white paper showing a 70% increase in unique malware samples associated with attacks against BlackBerry Cybersecurity customers. In this article, we’ll explore the threat of unique malware, steps organisations are taking to fight it with the help of tools like Cosive’s MalwareZoo, which is purpose-built to privately store and analyse sensitive, targeted malware.