AlphaSOC

1.1K posts


@alphasoc

Our technology reveals unknown threats hidden within your cloud, application, network, and endpoint logs.

San Francisco, CA · Joined January 2017
1K Following · 1.9K Followers
AlphaSOC @alphasoc ·
Recorded Future reports ClickFix campaigns targeting Windows and macOS users to deploy malware through fake CAPTCHA prompts. AlphaSOC flags these malware delivery and C2 traffic patterns to protect customers. Read more here >> recordedfuture.com/research/click…

AlphaSOC @alphasoc ·
We proactively track Storm-1575 phishing-as-a-service infrastructure to protect our customers, including this domain with very low coverage on VirusTotal >> virustotal.com/gui/domain/ten…

AlphaSOC @alphasoc ·
We have many new SaaS detections for GitHub and Okta in beta. Process your SaaS audit logs with the AlphaSOC Analytics Engine to hunt threats and even deploy your own custom Sigma rules. Read more here >> docs.alphasoc.com/detections_and…

AlphaSOC @alphasoc ·
Got CrowdStrike Falcon? Process your raw FDR telemetry with AlphaSOC to deploy your own custom Sigma rules and supercharge your threat hunting. Read more here >> alphasoc.com/crowdstrike

AlphaSOC @alphasoc ·
We process network telemetry to cover 70+ out-of-the-box detection use cases and highlight patterns including spear phishing, impersonation attacks, anonymizing circuit traffic (e.g. Tor and I2P) and cryptomining pool participation. Read more >> docs.alphasoc.com/detections_and…

AlphaSOC @alphasoc ·
IBM X-Force reports Hive0163 deploying Slopoly, an AI-generated malware that maintains C2 access via HTTP beaconing before delivering Interlock ransomware. AlphaSOC flags these malware and C2 patterns to protect customers. Read more here >> ibm.com/think/x-force/…

AlphaSOC @alphasoc ·
Want to measure the efficacy of your threat detection stack with regard to cryptomining traffic? Use flightsim to generate Stratum traffic to known mining pool services online >> github.com/alphasoc/fligh…

AlphaSOC @alphasoc ·
Using Sigma rules for detection and hunting? Process your EDR telemetry (e.g., Defender for Endpoint, CrowdStrike Falcon, and SentinelOne) with AlphaSOC and deploy both community and custom Sigma detections outside of your SIEM. Read more here >> docs.alphasoc.com/detections_and…

AlphaSOC @alphasoc ·
Sending audit logs and telemetry to Cribl Stream? You can process those raw events using AlphaSOC via our native integration for Cribl and forward the findings in OCSF format on to your SIEM or Data Lake to reduce your costs. Read more here >> alphasoc.com/cribl

AlphaSOC @alphasoc ·
Want to flag anomalies within your AWS environment and overlay them with MITRE ATT&CK? We have extended our analytics engine to process CloudTrail logs and highlight 400+ threats. Here's a full list of detection use cases >> docs.alphasoc.com/detections_and…

AlphaSOC @alphasoc ·
Microsoft reports Storm-2561 using SEO poisoning to distribute trojans disguised as enterprise VPN clients from Fortinet, Pulse Secure, and Ivanti. AlphaSOC flags this malware family and its C2 traffic patterns to protect customers. Read more here >> microsoft.com/en-us/security…

AlphaSOC @alphasoc ·
Got Cribl? Security teams use our native plug-and-play integration with Cribl Stream to uncover unknown threats and instantly deploy custom Sigma rules for threat hunting and detection. Get started here >> alphasoc.com/cribl

AlphaSOC @alphasoc ·
Want to flag threats to your environment with high fidelity? The AlphaSOC Analytics Engine highlights C2 patterns that most vendors don't, including this recent #LaplasClipper campaign IP in VirusTotal >>

AlphaSOC @alphasoc ·
Third-party VPNs are increasingly used by threat actors to exfiltrate data and evade controls. The AlphaSOC Analytics Engine provides defenders with visibility into these encrypted sessions, as shown >>

AlphaSOC @alphasoc ·
Got Splunk? Our latest release adds MITRE ATT&CK mapping and enables teams to identify both known and unknown emerging threats. Use Network Behavior Analytics for Splunk to instantly process your network telemetry and solve 70+ detection use cases >> splunkbase.splunk.com/app/4052

AlphaSOC @alphasoc ·
Microsoft reports threat actors using signed malware impersonating workplace apps to deploy RMM backdoors and maintain C2 access in enterprise environments. AlphaSOC flags this malware family and its C2 traffic patterns to protect customers. microsoft.com/en-us/security…

AlphaSOC @alphasoc ·
Our Analytics Engine supports detections across endpoints, cloud workloads, and SaaS applications! Process your CrowdStrike FDR telemetry and logs from AWS, GitHub, Slack, Okta, and other platforms to hunt threats. Dig into the docs here >> docs.alphasoc.com

AlphaSOC @alphasoc ·
Security teams leverage the AlphaSOC Analytics Engine to flag emerging threats, including Scattered Spider spearphishing domains. Here's a recent example >> virustotal.com/gui/domain/adf…

AlphaSOC @alphasoc ·
Want to hunt threats and flag anomalies within your Slack audit logs? Instantly process them with AlphaSOC and 40+ out-of-the-box detections. You can define your own custom Sigma rules too. Read more here >> docs.alphasoc.com/detections_and…

AlphaSOC @alphasoc ·
AlphaSOC processes telemetry from EDR platforms, cloud infrastructure, identity providers, and SaaS applications to flag anomalies and threats. Dive into our docs for more details >> docs.alphasoc.com