SANS ISC

[SANS ISC Diary] IOC’s: Risks of False Positive Alerts Flood Ahead

I published the following diary on isc.sans.org: “IOC’s: Risks of False Positive Alerts Flood Ahead“.

Yesterday, I wrote a blog post which explained how to interconnect a Cuckoo sandbox and the MISP sharing platform. MISP has a nice REST API that allows you to extract useful IOC’s in different formats. One of them is the Suricata / Snort format. Example… [Read more]