Tools
Blog Posts
Windows Event Logging for Insider Threat Detection
In this post, I continue my discussion on potential low-cost solutions to mitigate insider threats for smaller organizations or new insider threat programs…
• By Derrick Spooner
In Insider Threat
New SEI CERT Tool Extracts Artifacts from Free Text for Incident Report Analysis
The CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University recently released the Cyobstract Python library as an open source tool…
• By Matthew Sisk, Samuel J. Perl
In CERT/CC Vulnerabilities
Navigating the Insider Threat Tool Landscape
Mitigating insider threats is a multifaceted challenge that involves the collection and analysis of data to identify threats posed by many different employee types…
• By Derrick Spooner
In Insider Threat
Announcing CERT Tapioca 2.0 for Network Traffic Analysis
A few years ago, I announced the release of CERT Tapioca for MITM Analysis. This virtual machine was created for the purpose of analyzing Android applications to find apps…
• By Will Dormann
In CERT/CC Vulnerabilities
Introducing Atlas: A Prototype for Visualizing the Internet
After 30 years, cyber command centers, educators, and Internet threat intelligence organizations have yet to embrace a standardized, encompassing, and intuitive way to represent the entities and activities of the …
• By Douglas Gardner
Visualizing CERT BFF String Minimization
I've been working on a presentation called CERT BFF - From Start to PoC. In the process of preparing my material, I realized that a visualization could help people understand …
• By Will Dormann
In CERT/CC Vulnerabilities
YAF App Label Signature Context with Analysis Pipeline
In my last post, I presented how to create a YAF application label signature rule that corresponds to a text-based Snort-type rule…
• By Angela Horneman
In CERT/CC Vulnerabilities
Making YAF App Labels from Text-Based Snort Rules
This SEI Blog post explains how to use YAF to create an application label for text search in SiLK and Analysis Pipeline, with steps and an example.
• By Angela Horneman, Timur D. Snoke
In CERT/CC Vulnerabilities
Baseline Network Flow Examples
Hi. This is Angela Horneman of the SEI's Situational Awareness team. I've generated service specific network flows to use as baseline examples for network analysis and am sharing them since …
• By Angela Horneman
In CERT/CC Vulnerabilities
A Subversive Use of SiLK
Hi, this is Leigh Metcalf. In this blog post I talk about a subversive use of SiLK, the open-source tool suite designed by the CERT/CC team at the SEI, available …