DTECTI🔍N.IO is open for business


We're happy to announce the public availability of dtection.io, our detection e-commerce platform.

Over the past couple of months we've been working on developing a platform that would allow us to sell detection capabilities with out-of-the-box support for Network Intrusion Detection Systems (NIDS) as well as several backend features aimed at automating distribution of information security detection content.

On top of the technical capabilities of the platform, we also wanted to develop a platform and community aimed at empowering researchers interested in selling their research and work.

With dtection.io 0% commission and a constantly evolving backend we are ready to provide a good foundation that is capable of integrating with several workflows and procedures while providing the automation needed to make selling and distributing content as easy as possible.

dtection.io provides researchers with a fully automatic deployment process of their work, distribution via CDN, notifications for both content that is sold as well as active subscriptions, and several options for withdrawal of funds generated from the sales of their work (including cryptocurrencies). With features such as IP Slots (where the retrieval of each subscription content can be limited to X number of IP addresses) researchers have a wide range of choices on how to control access to their products.

Customers of the platform have the assurance of buying from industry veterans that undergo a vetting process before any content is made available online. All sales are backed by support provided by the seller himself, which is always available to receive feedback based on customer experience.

Example purchase notification from dtection.io

Content available at launch

For the time being we've made our own content available in dtection.io with the release of 3CORESec NIDS - Lateral Movement, a Suricata ruleset composed of 50+ fine tuned rules aimed at detecting lateral movement. This ruleset is also a showcase of how we perform detection engineering for NIDS-based detections: rules are mapped to MITRE ATT&CK allowing users to be more actionable in alerts and provide better query capabilities of their findings and detections.

Rule development in 3CORESec NIDS - Lateral Movement utilizes the following metadata tags (introduced by ET Labs):

  • mitre_tool_id
  • mitre_tool_name
  • mitre_technique_id 
  • mitre_tactic_id

Support for these tags in the Suricata signature format has also been added to S2AN, our - now - Suricata/Sigma2ATT&CK mapper.


It wouldn't be a proper 3CORESec launch if there wasn't a giveaway! Make sure to follow us on Twitter as we will be giving out several vouchers (first come first served) for a 1 year 100% off 3CORESec NIDS - Lateral Movement subscription.


Would you like to start distributing your content and research? Head over to the Researcher Area to learn more! If you haven't yet, join our Community Slack.

Popular posts from this blog

The undetectable way of exporting an AWS DynamoDB

Trapdoor - The serverless HTTP honeypot

Detection as Code (DaC) challenges - Introducing Automata