#SecurityOnion 2.3.190 Hotfix Now Available!
This hotfix improves support for #Suricata file extraction into #Strelka:
https://blog.securityonion.net/2022/12/security-onion-23190-hotfix-20221207.html
#securityonion #suricata #Strelka
#Linux #Detection Tip: while high #entropy in a #Windows binary isn't a strong detection signal on its own (it usually just means a packer, which some legitimate Windows software uses), it IS one on Linux.
It is much rarer for Linux binaries, especially internally developed #apps, to have high entropy: most are plain compiled code and strings, not packed or encrypted.
Tools such as #Strelka (built into #SecurityOnion) can grab this sort of data for you.
#NSM #NetworkSecurity #NetSec #DetectionAndResponse #IncidentResponse #Forensics #DFIR #Cyber #cybersecurity
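To show what this tip looks like as detection logic, here is an added example (my own code, not Strelka's or Security Onion's) that computes Shannon entropy for a file, restricts the check to ELF binaries, and also slides a window across the file so that an otherwise ordinary binary carrying one embedded encrypted blob is still caught. The 7.0 bits/byte threshold, the window size and all four sample "files" are constructed assumptions for the demonstration, not real binaries or Strelka defaults.

```python
"""Entropy check for Linux ELF binaries.

Added example, not Security Onion or Strelka code. Whole-file Shannon
entropy catches a fully packed or encrypted executable; a sliding window
additionally catches a mostly ordinary binary with one high-entropy blob.
Threshold, window size and the sample inputs below are assumptions.
"""
import hashlib
import math
from collections import Counter

ELF_MAGIC = b"\x7fELF"
HIGH_ENTROPY_BITS = 7.0   # assumed alert threshold, bits per byte (max is 8.0)
WINDOW = 4096             # assumed sliding-window size in bytes
STEP = 2048               # assumed window stride


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def windowed_entropy(data: bytes, window: int = WINDOW, step: int = STEP):
    """Yield (offset, entropy) for overlapping fixed-size windows over the file."""
    if len(data) <= window:
        yield 0, shannon_entropy(data)
        return
    for off in range(0, len(data) - window + 1, step):
        yield off, shannon_entropy(data[off:off + window])


def is_elf(data: bytes) -> bool:
    """True if the file starts with the ELF magic (a native Linux executable)."""
    return data[:4] == ELF_MAGIC


def assess(data: bytes, threshold: float = HIGH_ENTROPY_BITS) -> dict:
    """Score one file the way a Linux high-entropy detection would."""
    whole = shannon_entropy(data)
    peak_off, peak = max(windowed_entropy(data), key=lambda t: t[1])
    elf = is_elf(data)
    # The tip only applies to native executables: a gzip archive or a JPEG is
    # high-entropy by nature and is not an ELF, so it must not fire here.
    suspicious = elf and (whole >= threshold or peak >= threshold)
    return {"is_elf": elf, "entropy": whole, "peak_window_entropy": peak,
            "peak_window_offset": peak_off, "suspicious": suspicious}


def pseudo_random_bytes(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic high-entropy bytes (SHA-256 chain) standing in for packed or encrypted content."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed sample files (not real binaries): a 16-byte ELF e_ident plus filler.
ELF_IDENT = ELF_MAGIC + b"\x02\x01\x01" + bytes(9)     # ELFCLASS64, little-endian, EV_CURRENT
STUB = b"\x55\x48\x89\xe5\x90\x90\xc3"                   # push rbp; mov rbp,rsp; nop; nop; ret
USAGE = b"Usage: inventory-sync --config /etc/inventory.conf\n"

# 1. An ordinary internally built tool: code-like bytes, strings, zero padding.
PLAIN_ELF = ELF_IDENT + STUB * 6000 + USAGE * 300 + bytes(4096)
# 2. A packed binary: ELF header followed by nothing but high-entropy data.
PACKED_ELF = ELF_IDENT + pseudo_random_bytes(65536)
# 3. An ordinary-looking binary with one embedded encrypted blob (8 KiB at offset 61440).
EMBEDDED_ELF = PLAIN_ELF[:61440].ljust(61440, b"\x00") + pseudo_random_bytes(8192, b"blob")
# 4. A high-entropy file that is not an ELF at all (think gzip archive): the tip does not apply.
NOT_ELF = pseudo_random_bytes(8192, b"archive")


if __name__ == "__main__":
    for name, blob in [("plain", PLAIN_ELF), ("packed", PACKED_ELF),
                       ("embedded", EMBEDDED_ELF), ("not-elf", NOT_ELF)]:
        r = assess(blob)
        print(f"{name:9s} elf={r['is_elf']!s:5s} whole={r['entropy']:.2f} "
              f"peak={r['peak_window_entropy']:.2f}@{r['peak_window_offset']} "
              f"suspicious={r['suspicious']}")
```

The embedded case is the reason for the window: its whole-file entropy stays well under the threshold because most of the file is ordinary code and strings, but the windows that land on the blob sit near 8 bits/byte. In production you would feed the real file bytes (or Strelka's per-file output) into `assess` and tune the threshold against a baseline of your own internally built binaries.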