I published the following diary on isc.sans.org: “Are Your Hunting Rules Still Working?”: You are working in an organization which implemented good security practices: log events are collected then indexed by a nice powerful tool. The next step is usually to enrich this (huge) amount of data with external sources. You
![SANS ISC](https://blog.rootshell.be/wp-content/uploads/2015/12/isc.jpg)