Google Cloud’s intelligence research and applications team released a collection of 165 YARA rules to help defenders flag Cobalt Strike components deployed by attackers - https://www.helpnetsecurity.com/2022/11/21/cobalt-strike-attackers-detection-rules/ - #CobaltStrike #YARA #DetectionRules #RedTeam #BlueTeam #Cybersecurity #InfoSec
In the early 2000s, a #CS student and I developed an #IDMEF/#IDXP-compliant security event message pipelining framework for collecting and consolidating messages from network #IDS and #EDR products.
In the message stream, we were able to match multi-stage #correlation #DetectionRules in near real-time (in-memory), before everything was stored in a central database. Structural graph-based #AnomalyDetection was developed later by some colleagues.
We called it #MetaIDS.
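As an added illustration of the in-memory, multi-stage correlation the post describes (this is example code written for this page, not the MetaIDS framework or any IDMEF implementation), the sketch below keeps per-host rule progress in memory, advances a rule only when the next expected stage arrives, expires stale progress after a time window, and emits a correlated alert when the final stage matches. The event fields, the rule format and the sample event stream are all constructed assumptions.

```python
"""Minimal in-memory multi-stage correlation over a stream of security events.

Constructed example: the Event/Rule shapes, producer labels ("ids", "edr") and
sample events are invented for illustration and are not the MetaIDS design.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: float              # seconds since epoch (constructed timestamps)
    source: str            # producing sensor family, e.g. "ids" or "edr"
    classification: str    # sensor's own classification string
    host: str              # entity the stages are correlated on


@dataclass(frozen=True)
class Rule:
    name: str
    stages: tuple          # ordered (source, classification) pairs that must arrive in sequence
    window: float          # max seconds between the first and last matched stage


class Correlator:
    """Matches ordered multi-stage rules per host before events reach storage."""

    def __init__(self, rules):
        self.rules = list(rules)
        # rule name -> host -> timestamps of the stages matched so far
        self.progress = defaultdict(lambda: defaultdict(list))
        self.alerts = []   # (rule name, host, first stage ts, last stage ts)

    def feed(self, event):
        """Consume one event; return the alerts it completed (possibly none)."""
        fired = []
        for rule in self.rules:
            prog = self.progress[rule.name][event.host]
            # Expire partial progress whose first stage is older than the window.
            if prog and event.ts - prog[0] > rule.window:
                prog.clear()
            nxt = len(prog)
            if nxt < len(rule.stages) and rule.stages[nxt] == (event.source, event.classification):
                prog.append(event.ts)
                if len(prog) == len(rule.stages):
                    alert = (rule.name, event.host, prog[0], event.ts)
                    self.alerts.append(alert)
                    fired.append(alert)
                    prog.clear()    # reset so the chain can be observed again
        return fired


# Constructed rule: a network-side recon and exploit attempt followed by a
# host-side EDR observation on the same host within five minutes.
RULES = (
    Rule(
        name="recon_exploit_then_host_activity",
        stages=(("ids", "recon.portscan"),
                ("ids", "exploit.attempt"),
                ("edr", "process.suspicious_child")),
        window=300.0,
    ),
)

# Constructed sample stream, in arrival order; two hosts interleaved.
SAMPLE_EVENTS = (
    Event(100.0, "ids", "recon.portscan", "10.0.0.5"),
    Event(100.0, "ids", "recon.portscan", "10.0.0.9"),
    Event(120.0, "edr", "process.suspicious_child", "10.0.0.5"),  # out of order: ignored
    Event(130.0, "ids", "exploit.attempt", "10.0.0.5"),
    Event(150.0, "edr", "process.suspicious_child", "10.0.0.5"),  # completes the chain
    Event(900.0, "edr", "process.suspicious_child", "10.0.0.9"),  # stale progress: no alert
)


def run(events=SAMPLE_EVENTS, rules=RULES):
    """Stream the events through a fresh correlator and return all alerts."""
    corr = Correlator(rules)
    for ev in events:
        corr.feed(ev)
    return corr.alerts


if __name__ == "__main__":
    for name, host, first_ts, last_ts in run():
        print(f"ALERT {name} host={host} span={last_ts - first_ts:.0f}s")
```

State is keyed by rule and host, so memory grows with the number of active hosts rather than with the volume of the stream, and the window check bounds how long a partial match survives; the correlated alert can then be written to the central store alongside the raw events.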