About tameri

tameri

You may already be aware that we announced Google SecOps API Wrapper SDK last month. There are couple of posts here and here. The SDK provides a comprehensive command-line interface (CLI) that makes it easy to interact with Google Security Operations...

tameri · 05-31-2024

In this post, I will show you how to use Mandiant Security Validation (MSV) and threat intelligence from Virustotal to validate whether your endpoint security controls can detect data exfiltration using curl on windows. Your task is to validate wheth...

tameri · 05-23-2024

In this post, I will show you how to use Mandiant Security Validation (MSV) and available exploits to validate whether your internet security controls can detect and/or prevent a Chrome browser exploit. As a Network Security Administrator or Red Team...

tameri · 05-17-2024

In this post, I will show you how to use VirusTotal and Mandiant Security Validation to validate that your internet security controls can detect and/or prevent command and control communication for a malware sample. As a security analyst, you have be...

tameri · 03-13-2024

Zeek(used to be Bro) is an open-source Network Security Monitor that can be used for Detection System and network traffic analysis framework. Zeek can generate real-time alerts, data logging for further investigation, and automatic program execution ...

tameri · 01-17-2025

@Chris_B ,what about using using the tags in the rule output section, for example outcome: $mitre_attack_technique = "Service Stop" $mitre_attack_technique_id = "T1489" The in each playbook add "Siemplify - Case Tag" action to assign the mitre attack...

tameri · 11-19-2024

@shubhamagar , if you close the alert it will stop the playbook, is this what you are looking for?

tameri · 10-22-2024

@preet_mehta , kindly, look into set context value and get context value tools , I think these can help your use case https://cloud.google.com/chronicle/docs/soar/marketplace/power-ups/tools#set-context-valuehttps://cloud.google.com/chronicle/docs/so...

tameri · 10-18-2024

@VivekPuthan , did you try to use any as mentioned in the repeated fields here this https://cloud.google.com/chronicle/docs/detection/yara-l-2-0-syntax#repeated_fields

tameri · 10-07-2024

@danish_abu , is there a retention policy on the gcp bucket? if yes then remove it, make sure the bucket is empty and try again

My Stats

juanjfdez's Bio

Badges tameri Earned

Recent Activity

Bridging SecOps Data & AI Analysis using the SecOps SDK CLI and Custom python script

How to use MSV and Virustotal to assess against Data exfiltration using curl

How to create Web Actions - Google Chrome 78.0.3904.70 (CVE-2019-13720) as an example

How to use Security Validation and VirusTotal to measure your Internet Security Controls

Chronicle Search-Zeek A Quick Reference

Re: SOAR Case reporting by Category

Re: How to stop a playbook action ?

Re: Need to store API response data in the SOAR platform

Re: Yara 2.0 String iteration

Re: Data Export to GCP Bucket