Skip to main content

DTECTI🔍N.IO is open for business

 

We're happy to announce the public availability of dtection.io, our detection e-commerce platform.

Over the past couple of months we've been working on developing a platform that would allow us to sell detection capabilities with out-of-the-box support for Network Intrusion Detection Systems (NIDS) as well as several backend features aimed at automating distribution of information security detection content.

On top of the technical capabilities of the platform, we also wanted to develop a platform and community aimed at empowering researchers interested in selling their research and work.

With dtection.io 0% commission and a constantly evolving backend we are ready to provide a good foundation that is capable of integrating with several workflows and procedures while providing the automation needed to make selling and distributing content as easy as possible.

dtection.io provides researchers with a fully automatic deployment process of their work, distribution via CDN, notifications for both content that is sold as well as active subscriptions, and several options for withdrawal of funds generated from the sales of their work (including cryptocurrencies). With features such as IP Slots (where the retrieval of each subscription content can be limited to X number of IP addresses) researchers have a wide range of choices on how to control access to their products.

Customers of the platform have the assurance of buying from industry veterans that undergo a vetting process before any content is made available online. All sales are backed by support provided by the seller himself, which is always available to receive feedback based on customer experience.

Example purchase notification from dtection.io

Content available at launch

For the time being we've made our own content available in dtection.io with the release of 3CORESec NIDS - Lateral Movement, a Suricata ruleset composed of 50+ fine tuned rules aimed at detecting lateral movement. This ruleset is also a showcase of how we perform detection engineering for NIDS-based detections: rules are mapped to MITRE ATT&CK allowing users to be more actionable in alerts and provide better query capabilities of their findings and detections.

Rule development in 3CORESec NIDS - Lateral Movement utilizes the following metadata tags (introduced by ET Labs):

  • mitre_tool_id
  • mitre_tool_name
  • mitre_technique_id 
  • mitre_tactic_id

Support for these tags in the Suricata signature format has also been added to S2AN, our - now - Suricata/Sigma2ATT&CK mapper.

Giveaways!

It wouldn't be a proper 3CORESec launch if there wasn't a giveaway! Make sure to follow us on Twitter as we will be giving out several vouchers (first come first served) for a 1 year 100% off 3CORESec NIDS - Lateral Movement subscription.

Join DTECTI🔍N.IO!

Would you like to start distributing your content and research? Head over to the Researcher Area to learn more! If you haven't yet, join our Community Slack.

Labels:

Popular posts from this blog

Community Update - 3CORESec Blacklist 📓 🍯

Recently we tweeted about some issues we had with 3CORESec Blacklist , a platform that shares - openly and freely - a subset of the information seen and processed by our honeypot network.  While those issues have been addressed, and seeing as significant changes were made to how we monitor the generation of the lists (which is reflected in our status page ) and how we determine if an IP should be listed as an offending IP or not, this felt like a good opportunity to write a bit more about the platform as well as the changes we made.   For regular users of Blacklist 📓 the first thing they’ll notice is an increase on the numbers of IPs we include. That is a direct result of the changes we made and the growth of the honeypot network itself. We have not - and will not - ever increase the period for which we query the honeypot network, as we believe anything higher than 24h (as specified in the project page) for IP addresses can quickly fall into a decaying state that adds little value
Read more

Detection as Code (DaC) challenges - Introducing Automata

This blog post is the second part of our Detection as Code (DaC) challenges series. You can read part one here . The development process of detections by itself doesn't pose a lot of barriers for security engineering teams, as they are typically done in a lab/controlled environment, but after tuning and deploying rules to a SIEM, the work is only starting. Many things can go wrong after this, and a process of continued and automated testing is crucial. Detection Validation In an ideal (and fictional) world, once the datasets are parsed, normalized, and put into production, detections developed by your team would work forever. Still, the reality is quite different. Maintenance is heavy work that needs to be done frequently - especially if you work on an MSP - but the reality is that the ecosystem lacks tooling and processes to do it proactively. Effectiveness is an important metric and crucial to the successful response of incidents in time, and effectiveness is what we aim to ensu
Read more

Trapdoor - The serverless HTTP honeypot

  Today we are announcing the release of Trapdoor , our AWS-based serverless honeypot.  The idea of a serverless honeytoken isn't new. Adel released his honeyLambda a few years ago and we've been working with it for quite some time. It was because of this experience and the goal of improving on what was already a great idea that we decided to go to the drawing board and see how we would change and tweak the concept.  What is it? Trapdoor is a serverless application that can be deployed in any AWS environment. Its goal is to receive HTTP requests with the intent of identifying, and alerting, on its visitors. The URLs generated by Trapdoor can also be referred to as honeytokens .  While you can get creative on how to use it, one of the goals of a honeytoken is to be hidden or stored in a "safe" place and, if accessed, fire of an alarm, as access to the token would be considered a compromise or unauthorized access.  This example is the passive way of using deception ta
Read more