Especially during my time at Gartner as an analyst, I heard many preposterous claims about TAMs and IT security budgets and associated pricing strategies. Someone telling you that they supposedly sell to mid-sized enterprises, yet their solution comes with a minimum price tag of $500,000 just stretches believability. …


Malware Outbreak visualized as Network Graph

Welcome to our second article on Brim’s Data Science blog. In the first article in this series, we learned how to use Brim’s Python library to fetch Zeek data into Pandas.

Today we’re going to build on what we learned last time. Instead of just looking at Zeek data…


Qakbot is the newest guise of Qbot, a banking trojan that was first detected in the wild in 2009. Originally focused on the theft of banking credentials via keystroke logging, it has since evolved to deliver a variety of payloads. …


Brim is a full nano network intrusion detection and threat hunting platform, and best of all, it’s open source. There is no need to install half a SOC or a dozen databases on a laptop to run a breach assessment or conduct a threat hunt. …


We are really excited to announce that we have extended our pcap post-capture analysis engine in Brim with Suricata. In addition to Brim analyzing raw packet data with Zeek, you can now also detect malicious indicators of compromise using Suricata’s Emerging Threats OPEN ruleset.

Phil Rzewski, Brim’s community director who…


Network Graph Visualization of IP Traffic

Introduction

Network Graphs are a way of structuring, analyzing and visualizing data that represents complex networks, for example social relationships or information flows.

A typical application, and of special interest for threat hunters, modelers and analysts, is the modelling and analysis of TCP/IP network communications.

With the release into open beta…


The US Cybersecurity and Infrastructure Security Agency recently released an advisory warning of a resurgence of the Emotet malware.

Emotet started out in 2014 as a Banking Trojan, but has since evolved into a sophisticated malware, offered on the Darknet as a commercial Cybercrime-as-a-Service platform.

Victims that are infected with…


In the last article, I shared my favourite Brim ZQL queries to begin a threat hunting investigation in Zeek data. We covered pretty generic observables and events, so this time we’ll delve into how you can get better insights into network activity and actors.

TIP! You can find detailed installation…


Threat Hunting is challenging — there’s an adversary trying to hide after all — so any tool that can speed up your time to insight should be in a hunter’s tool chest. And while advanced analytics, anomaly detection, machine learning and similar emerging approaches are without doubt powerful and have…

Oliver Rochford

Oliver is a Security Subject Matter Expert at Brim Security
