
[SANS ISC] Querying DShield from Cortex

I published the following diary on isc.sans.edu: “Querying DShield from Cortex”:

Cortex is a tool that is part of the TheHive project. As stated on the website, it is a “Powerful Observable Analysis Engine”. Cortex can analyze observables like IP addresses, emails, hashes, and filenames against a huge (and growing) list of online services. I like the naming convention used by Cortex. We have “observables” that can be switched to an “IOC” later if they are really relevant for us. Keep in mind that an interesting IOC for you could be totally irrelevant in another environment… [Read more]
