Blog
The latest blog posts from the SensorFleet team
21 Feb 2022 - Log4Shell Vulnerability - the day when the security industry was working overtime
This blog is about the series of Log4Shell vulnerabilities, how they affected our software development and how we helped our customer to validate their networks. I hope this blog will give the reader an insider view of what it is actually like to patch and detect those vulnerabilities.
- Mikko Korkalo
15 Feb 2022 - Use case: National early warning system
SensorFleet Network Detection and Response (NDR) solution was deployed on the HAVARO ecosystem in the second half of 2020. HAVARO is a national monitoring and early warning system provided by the NCSC-FI for critical infrastructure providers and government organizations.
- Sami Petäjäsoja
07 Sep 2021 - Confluence vulnerability, a tale of catching active exploitation in the wild
At SensorFleet we often run trials in co-operation with our customers and partners, and the new codebase is tested in different virtualized environments and partner networks to validate fixes and to test new features. In this case we got interesting results and one could say we were a bit lucky,...
- Antti Tönkyrä
04 Aug 2021 - Streaming events from SensorFleet to Elastic Stack or Azure Sentinel
This blog post will show you step-by-step how to configure Logstash on top of SensorFleet Sensor for streaming events to your SIEM.
- Mikko Korkalo
19 Apr 2021 - Quick start for network security monitoring
Starting a network security monitoring project from scratch, or augmenting the existing solutions, can be a daunting task. Common questions include setting the monitoring objectives, selecting the monitoring tools for the task, planning and resourcing the deployment, and last but not least: What to do with the results.
- Sami Petäjäsoja
07 Apr 2021 - Stream syslog reliably from the edge to SIEM using SensorFleet
This blog post will show you step-by-step how to configure Logstash on top of SensorFleet Sensor as a reliable syslog buffer on your edge network.
- Mikko Korkalo
07 Oct 2020 - Using Zeek to find persistent threats by using a canary file (part 2)
A blog on how to use the Zeek IDS on the SensorFleet platform to plant a honeypot-like canary file on a file server, using only network monitoring.
- Mikko Korkalo
29 Sep 2020 - Using Zeek to find persistent threats by monitoring DNS anomalies (part 1)
This is a blog on how to detect persistent DNS connections using SensorFleet and the Zeek IDS. Some persistent threats may use DNS functionality to get around firewalls or to stay hidden from IDS.
- Mikko Korkalo
21 Sep 2020 - Detection of ZeroLogon (CVE-2020-1472) using SensorFleet
ZeroLogon can be used to exploit a serious vulnerability in Windows Domain Controllers. This blog post shows how to detect it using SensorFleet.
- Mikko Korkalo
03 Jul 2020 - Building Beacon Instrument
Across the hall from the SensorFleet office is another cyber security startup, SensorFu, and they have an awesome product called Beacon. Beacon is deployed inside an isolated network segment and it continuously tries to escape out from it. A successful escape is an indication of misconfiguration or malice and getting alert...
- Jukka Taimisto
03 Mar 2020 - Keeping Your Security Monitoring Tools And Tasks Safely Separated
Security tools and appliances typically run with high privileges, have access to sensitive traffic and their security has to be taken at face value. Luckily zero trust, containment, least privilege and privilege separation are not just trendy topics and security design principles for ordinary software.
- Jukka Taimisto
04 Feb 2020 - Our Approach
This blog is about building our next generation cyber sensor platform. First we must let you in on a little secret, our approach may be based on yours. We have a long experience in developing cyber security sensor technology for a national early warning system protecting the critical infrastructure and...
- Sami Petäjäsoja