the dogesec blog
much post. so knowledge. many intel. very subscribe. wow.
How to Build Custom MITRE ATT&CK Content Using Workbench (Step-by-Step Guide)
Tags: analysts, tutorial | December 11, 2023
A practical Workbench guide: extend ATT&CK, link objects to techniques, and publish collections other teams and tools can consume.
STIX Shifter: Turning STIX Patterns into SIEM Queries
Tags: analysts, developers, tutorial | November 13, 2023
Learn how to translate STIX detection patterns into SIEM queries using STIX Shifter, and convert detections back into STIX Observed Data for evidence and correlation.
How to Write STIX Indicator Patterns for Real Detection Rules
Tags: analysts, developers, tutorial | October 16, 2023
Learn how to turn threat intelligence into actionable detection rules: build behavioral detections using STIX Patterns, and link sightings to evidence.
STIX Storage for Developers: Memory, Files, and Databases
Tags: developers, tutorial | September 18, 2023
A practical guide to storing and querying STIX 2.1 data using MemoryStore, FileSystemStore, and ArangoDB — with Python examples.
STIX Extensions in the Wild: How to Add What the Spec Forgot
Tags: analysts, developers, tutorial | August 14, 2023
How to design and ship STIX 2.1 extensions — new objects, nested properties, and bundles — that your consumers will love.
Schema Chaos and the Art of STIX Maintenance
Tags: developers, tutorial | July 10, 2023
All I wanted was EPSS and CVSS to show up in OpenCTI. Instead, I ended up reverse-engineering half its schema and building new STIX Extensions from scratch. Here’s the mildly painful but oddly satisfying journey.
Your First STIX Objects: A Developer’s Guide to STIX 2.1 with Python
Tags: developers, tutorial | June 19, 2023
The fast, code-first way to generate valid STIX 2.1 threat intelligence in Python. Covers SDOs, SCOs, relationships, versioning, and bundling — everything you need to start building and sharing structured intel like a pro.
Understanding STIX 2.1 Objects: A Foundation for Structured Threat Intelligence
Tags: analysts, developers, tutorial | May 14, 2023
Forget the 50-page spec. This guide explains STIX 2.1 objects—SDOs, SCOs, SROs, SMOs, and Bundles—in plain English with real threat intel examples.