the dogesec blog
much post. so knowledge. many intel. very subscribe. wow.
-
Fighting Disinformation: Classifying Your Research Using Standardised Disinformation Tactics and Techniques
developers May 13, 2024
Our intel team is increasingly using the DISARM framework to classify parts of our research as disinformation campaigns continue increase. In this post I will introduce the DISARM data structure. -
The Problems with Modelling Countries as STIX Objects (and How to Fix Them)
developers April 15, 2024
Take the list of recognised countries and regions. Create STIX objects for them. Make them available to everyone so that the CTI world has a single way of representing them. -
How CTI Butler Creates a Threat Intelligence Graph of Common Frameworks
analysts products March 11, 2024
CTI Butler links many common knowledge bases, for example linking MITRE ATT&CK to CAPEC objects, to improve the context of our research. This post describes the logic CTI Butler employs behind the scenes to do this. -
CTI Developers: We Built an API for MITRE ATT&CK, CWE, CAPEC, ATLAS... and more!
analysts developers products February 12, 2024
Here is a quick-start guide to CTI Butler showing you how much easier it makes working with these frameworks. -
Getting Started with the MITRE ATT&CK Navigator
analyst tutorial January 15, 2024
The MITRE ATT&CK Navigator is a very useful tool to explore the MITRE ATT&CK (and other similar frameworks). In this post I take a look what you can do with Navigator and how it works under the hood so that you can use it to model your own ATT&CK-like frameworks. -
How to Build Custom MITRE ATT&CK Content Using Workbench (Step-by-Step Guide)
analysts tutorial December 11, 2023
A practical Workbench guide: extend ATT&CK, link objects to techniques, and publish collections other teams and tools can consume. -
STIX Shifter: Turning STIX Patterns into SIEM Queries
analysts developers tutorial November 13, 2023
Learn how to translate STIX detection patterns into SIEM queries using STIX Shifter, and convert detections back into STIX Observed Data for evidence and correlation. -
How to Write STIX Indicator Patterns for Real Detection Rules
analysts developers tutorial October 16, 2023
Learn how to turn threat intelligence into actionable detection rules. Learn how to build behavioral detection using STIX Patterns, and link sightings to evidence. -
STIX Storage for Developers: Memory, Files, and Databases
developers tutorial September 18, 2023
A practical guide to storing and querying STIX 2.1 data using MemoryStore, FileSystemStore, and ArangoDB — with Python examples. -
STIX Extensions in the Wild: How to Add What the Spec Forgot
analysts developers tutorial August 14, 2023
How to design and ship STIX 2.1 extensions — new objects, nested props, and bundles — that your consumers will love.