Blog

The latest blog posts from the SensorFleet team

21 Feb 2022 - Log4Shell Vulnerability - the day when security industry was working overtime

This blog is about the series of Log4Shell vulnerabilities, how they affected our software development and how we helped our customer to validate their networks. I hope this blog will give the reader an insider view of what it is actually like to patch and detect those vulnerabilities.

- Mikko Korkalo


15 Feb 2022 - Use case: National early warning system

The SensorFleet Network Detection and Response (NDR) solution was deployed on the HAVARO ecosystem in the second half of 2020. HAVARO is a national monitoring and early warning system provided by the NCSC-FI for critical infrastructure providers and government organizations.

- Sami Petäjäsoja


07 Sep 2021 - Confluence vulnerability, a tale of catching active exploitation in the wild

At SensorFleet we often run trials in co-operation with our customers and partners, and the new codebase is tested in different virtualized environments and partner networks to validate fixes and to test new features. In this case we got interesting results and one could say we were a bit lucky,...

- Antti Tönkyrä


04 Aug 2021 - Streaming events from SensorFleet to Elastic Stack or Azure Sentinel

This blog post will show you step-by-step how to configure Logstash on top of SensorFleet Sensor for streaming events to your SIEM.

- Mikko Korkalo


19 Apr 2021 - Quick start for network security monitoring

Starting a network security monitoring project from scratch, or augmenting the existing solutions, can be a daunting task. Common questions include setting the monitoring objectives, selecting the monitoring tools for the task, planning and resourcing the deployment, and last but not least: What to do with the results.

- Sami Petäjäsoja


07 Apr 2021 - Stream syslog reliably from the edge to SIEM using SensorFleet

This blog post will show you step-by-step how to configure Logstash on top of SensorFleet Sensor as a reliable syslog buffer on your edge network.

- Mikko Korkalo


07 Oct 2020 - Using Zeek to find persistent threats by using a canary file (part 2)

A blog post on how to use Zeek IDS on the SensorFleet platform to plant a honeypot-like canary file on a file server, just by using network monitoring.

- Mikko Korkalo


29 Sep 2020 - Using Zeek to find persistent threats by monitoring DNS anomalies (part 1)

This is a blog post on how to detect persistent DNS connections using SensorFleet and the Zeek IDS. Some persistent threats may use DNS functionality to get around firewalls or to stay hidden from IDS.

- Mikko Korkalo


21 Sep 2020 - Detection of ZeroLogon (CVE-2020-1472) using SensorFleet

ZeroLogon can be used to exploit a serious vulnerability in Windows Domain Controllers. This blog post shows how to detect it using SensorFleet.

- Mikko Korkalo


03 Jul 2020 - Building Beacon Instrument

Across the hall from the SensorFleet office is another cyber security startup, SensorFu, and they have an awesome product called Beacon. Beacon is deployed inside an isolated network segment and it continuously tries to escape out from it. A successful escape is an indication of misconfiguration or malice and getting alert...

- Jukka Taimisto


03 Mar 2020 - Keeping Your Security Monitoring Tools And Tasks Safely Separated

Security tools and appliances typically run with high privileges, have access to sensitive traffic and their security has to be taken at face value. Luckily zero trust, containment, least privilege and privilege separation are not just trendy topics and security design principles for ordinary software.

- Jukka Taimisto


04 Feb 2020 - Our Approach

This blog is about building our next generation cyber sensor platform. First we must let you in on a little secret: our approach may be based on yours. We have long experience in developing cyber security sensor technology for a national early warning system protecting the critical infrastructure and...

- Sami Petäjäsoja
