As widely reported across the Internet, a woman has died as the result of a ransomware attack. I want to say that this drives home the importance of information security, but the reality is, this isn’t the first time someone’s life was ruined by security breaches. It might be the first time someone has died, but Stuxnet and Equifax and…
Long title, I know. Sorry. As I’ve mentioned in the past, my preferred computing device right now is an iPad Pro. That’s enabled by my favorite development environment, AWS Cloud9. A complete end-to-end dev environment in the cloud, accessed through a browser? It’s a dream come true! But not everything is sunshine and roses. While it works, it doesn’t always…
In the SIEM world, Azure Sentinel is very much a newcomer, but it is already shaking up the enterprise-dominated space. Priced at roughly a tenth of what its competitors charge ($2.76 per GB), the tool massively undercuts every other product. In very non-Microsoft fashion, it also brings to the table some very cutting-edge features, like Jupyter Notebooks and bring-your-own machine learning (features that…
Recently I had a conversation with my team manager, and the conversation turned to “where do you see the future of security going?” It didn’t take much thought to come up with an answer: more analytics, more automation, fewer people. Let’s approach these one at a time. More Analytics Not everything can be reduced to raw numbers, but don’t tell…
For years, I’ve done almost all of my development in the cloud. Most of this has been spent with Cloud9 (and then AWS Cloud9 after Amazon bought the company). Now that I’m using an iPad Pro full time (more on that in another post), this has become more important to me. And following the success of Cloud9, competitors have started…
I recently bought an iPad Pro and the Magic Keyboard. More on that in an upcoming post. But when I was making my decision to purchase, I did a lot of research. And I would always come across reviews like this one from Tom’s Hardware Guide that complains about how heavy/thick the Magic Keyboard makes the iPad. They compare it…
I write code. I’m not a programmer. I am a security engineer who can code. Why is that important?
I want to walk through how to write a QRadar app, specifically to collect logs from a log source that only allows the use of an API and that QRadar does not natively support. Examples at the time of writing include Duo Security and Trend Micro Apex Central, but there are potentially thousands of others you might run into.
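The core of such an app is a poller: read a saved checkpoint, ask the vendor API for everything newer, normalise each event into LEEF (the key=value format QRadar parses natively) and hand it to the event collector over syslog, then advance the checkpoint. The following is an added example of that loop, not code from the post or from any vendor SDK: the API client is a stand-in that returns constructed sample events, and the vendor name, field names and hostname are hypothetical. A real QRadar app would run this as a scheduled worker inside the app container and replace the stand-in with the vendor's authenticated API call.

```python
"""
Added example (not from the original post): skeleton of a QRadar
API-polling log source. It polls from a saved checkpoint, renders each
event as LEEF 1.0 and frames it for syslog delivery to QRadar.
fetch_events() is a stand-in for the vendor API and returns constructed
sample data; field names are hypothetical, not any vendor's schema.
"""
import socket
import time
from datetime import datetime, timezone

# Constructed sample events standing in for a vendor API response.
SAMPLE_EVENTS = [
    {"timestamp": 1600000000, "event": "user.login", "user": "alice",
     "src_ip": "203.0.113.10", "result": "success"},
    {"timestamp": 1600000060, "event": "user.login", "user": "bob",
     "src_ip": "198.51.100.7", "result": "failure"},
    {"timestamp": 1600000120, "event": "admin.policy_change", "user": "carol",
     "src_ip": "203.0.113.55", "result": "success"},
]


def fetch_events(mintime, events=SAMPLE_EVENTS):
    """Stand-in for an API call returning events newer than `mintime`.

    Many APIs return events *at* the checkpoint again on the next call,
    so filter with a strict '>' to avoid re-ingesting the last event.
    """
    return [e for e in events if e["timestamp"] > mintime]


def leef_escape(value):
    """LEEF 1.0 separates key=value pairs with tabs; tabs and newlines
    inside a value would shift every following field, so flatten them."""
    return str(value).replace("\t", " ").replace("\r", " ").replace("\n", " ")


def to_leef(event, vendor="ExampleVendor", product="ExampleAPI", version="1.0"):
    """Render one event as a LEEF 1.0 line.

    Header: LEEF:1.0|Vendor|Product|Version|EventID|  followed by
    tab-separated key=value attributes. devTime/devTimeFormat let QRadar
    use the event's own time rather than arrival time; usrName and src
    are predefined LEEF keys that map straight onto QRadar properties.
    """
    dev_time = datetime.fromtimestamp(event["timestamp"], tz=timezone.utc)
    attrs = {
        "devTime": dev_time.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "devTimeFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'",
        "usrName": event["user"],
        "src": event["src_ip"],
        "result": event["result"],
    }
    header = "LEEF:1.0|%s|%s|%s|%s|" % (vendor, product, version,
                                       leef_escape(event["event"]))
    body = "\t".join("%s=%s" % (k, leef_escape(v)) for k, v in attrs.items())
    return header + body


def syslog_line(message, hostname="apipoller", facility=1, severity=6):
    """Wrap a LEEF line in a BSD (RFC 3164) syslog frame: <PRI>timestamp host msg."""
    pri = facility * 8 + severity
    ts = time.strftime("%b %d %H:%M:%S", time.gmtime())
    return "<%d>%s %s %s" % (pri, ts, hostname, message)


def poll_once(checkpoint, send=None):
    """One poll cycle: fetch since checkpoint, forward, return the new checkpoint.

    The checkpoint is returned only after every event in the batch has been
    handed off, so a crash mid-batch re-sends rather than silently drops.
    `send` defaults to collecting lines in memory; in the app it would be
    udp_sender(<QRadar event collector>).
    """
    collected = []
    sender = send or collected.append
    newest = checkpoint
    for ev in fetch_events(checkpoint):
        sender(syslog_line(to_leef(ev)))
        newest = max(newest, ev["timestamp"])
    return newest, collected


def udp_sender(host, port=514):
    """Build a send() that ships each framed line to a syslog receiver over UDP."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    return lambda line: sock.sendto(line.encode("utf-8"), (host, port))


if __name__ == "__main__":
    cp, lines = poll_once(1600000000)      # first run from the saved checkpoint
    for line in lines:
        print(line)
    print("new checkpoint:", cp)
    # A second run with the advanced checkpoint yields nothing new.
    print("re-poll returned", len(poll_once(cp)[1]), "events")
```

Two details matter more than they look. Persist the checkpoint (in the app's data volume or a QRadar store) only after the batch is delivered, or a restart will drop events; and escape tabs and newlines in values, because a single stray tab in a user-supplied field silently corrupts every LEEF attribute after it.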
No, I’m not talking about QRadar on Cloud (QRoC) or even running QRadar in a cloud environment. I’m talking about how to manage a QRadar system when a number of your log sources are sitting in the cloud.
Writing QRadar apps isn’t always the most straightforward task. I learned a lot of stuff the hard way. Here are the most important things.