Skip to content
  • Home
  • Categories
  • Recent
  • Popular
  • World
  • Top
  • Tags
  • Users
  • Groups
  • Documentation
    • Home
    • Read API
    • Write API
    • Plugin Development
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo
v3.12.2 Latest
Buy Hosting
  1. Home
  2. Uncategorized
  3. Heck you know what?

Heck you know what?

Scheduled Pinned Locked Moved Uncategorized
cybersecuritysecurityhardeningdetectionengineeringopensource
4 Posts 2 Posters 12 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • pizza in 10 daysR This user is from outside of this forum
    pizza in 10 daysR This user is from outside of this forum
    pizza in 10 days
    wrote last edited by
    #1

    Heck you know what?

    I might pay money for detection rules for any of these open source tools: https://tech.lgbt/@risottobias/113685569855149875

    Like, I would have a locked down environment in prod that only runs a small number of expected applications. Could tighten the expected behavior to just that.

    Who does that kind of work?

    #cybersecurity #securityhardening #detectionengineering #opensource

    pizza in 10 daysR FunesF 2 Replies Last reply
    0
    • pizza in 10 daysR This user is from outside of this forum
      pizza in 10 daysR This user is from outside of this forum
      pizza in 10 days
      replied to pizza in 10 days last edited by
      #2

      What's it called when you want to write a hardened set of expected behaviors for processes running in prod and then alert on anything else?

      Like if I wrote a rule that says the expected binaries on the system are XYZ, the services are ABC, and I baseline those every update on a testing box before releasing updates and the new signature? (So, allowlisted behavioral detection, basically, similar to app armor profile design but for yara or selinux or whatever a good tool is?)

      Are there articles on the subject or is there a word for it?

      1 Reply Last reply
      0
      • FunesF This user is from outside of this forum
        FunesF This user is from outside of this forum
        Funes
        replied to pizza in 10 days last edited by
        #3

        @risottobias like you would want someone to develop a set of detections for a particular environment or you would want to buy detections from someone to tune to that environment?

        pizza in 10 daysR 1 Reply Last reply
        0
        • pizza in 10 daysR This user is from outside of this forum
          pizza in 10 daysR This user is from outside of this forum
          pizza in 10 days
          replied to Funes last edited by
          #4

          @funes allowlisting a particular environments behaviors probably. Otherwise the other two

          1 Reply Last reply
          0

          Copyright © 2025 NodeBB | Contributors
          • Login
          • Don't have an account? Register
          • Login or register to search.
          Powered by NodeBB Contributors
          • First post
            Last post
          0
          • Home
          • Categories
          • Recent
          • Popular
          • World
          • Top
          • Tags
          • Users
          • Groups
          • Documentation
            • Home
            • Read API
            • Write API
            • Plugin Development