Blog Posts
Situational Awareness for Cybersecurity Architecture: Network Visibility
Network compromises cannot be detected without visibility into the activities within assets. Network security analysts can view these activities in one of two places....
• By Timur Snoke
In Situational Awareness
Engineering for Cyber Situational Awareness: Endpoint Visibility
In this post, we aim to help network security analysts understand the components of a cybersecurity architecture, starting with how we can use endpoint information....
• By Phil Groce, Timur Snoke
In Situational Awareness
Best Practices in Network Traffic Analysis: Three Perspectives
In July of this year, a major overseas shipping company had its U.S. operations disrupted by a ransomware attack, one of the latest attacks to disrupt the daily operation of …
• By Angela Horneman, Tim Shimeall, Timur Snoke
In Situational Awareness
Best Practices for NTP Services
The Network Time Protocol (NTP) synchronizes the time of a computer client or server to another server or within a few milliseconds of Coordinated Universal Time (UTC)....
• By Timur Snoke
In Situational Awareness
Making YAF App Labels from Text-Based Snort Rules
This SEI Blog post explains how to use YAF to create an application label for text search in SiLK and Analysis Pipeline, with steps and an example.