Resources - Page 2 of 20

AI’s Role in Operationalizing Threat Intelligence

Is the “intelligence” in Threat Intelligence actually a misnomer? Intelligence implies analyzing and interpreting raw, unprocessed information to make decisions and solve problems. Information becomes intelligence when it’s actionable. That’s the missing gap with most

The Art of Anomaly Hunting: Learning from Legitimate Patterns for Detection

When writing detections based on threat reports, research blogs or other sources, common sense dictates that we should find a way to alert on the malicious actions as best as possible, ideally using TTPs. This

Vulnerability vs Exposure Management: How Context & Exploitability Clarify True Risk

Traditional vulnerability management is great at telling you what’s broken–just ask the team managing your neverending backlog of vulnerability findings. But it’s not great at incorporating context on your specific threat landscape and attack surfaces.

Detection for CTEM: When One Good Detection Is Worth Dozens of Patches

IT and security teams have been pushed for years: just patch faster. Automate remediation. Chip away at that vulnerability backlog (and do it quickly). But speed isn’t the only problem, context matters too. It’s critical

Compensating Controls for Exposure Management: The Ultimate Guide

In a perfect world, you’d have enough time and resources to address every vulnerability and exposure. You could carefully implement tailored remediations that address specific security gaps. Patches would have little to no impact on

CardinalOps in the Preemptive Exposure Management Gartner Report

Security teams aren’t just asking “are we vulnerable?” anymore. They’re asking, “Where are we exposed…. and what can we do about it before something happens?” That’s the future Gartner lays out in their June 2025

Bird’s Eye View: 2025 State of Detection Webinar

Download this webinar to explore findings from the 2025 State of SIEM Detection Risk Report and learn how to implement best practices aligned to the report’s key takeaways. In this recording, Dr. Anton Chuvakin, Senior

2025 State of SIEM Report

In our fifth annual report, CardinalOps analyzed a range of production SIEM environments to evaluate the coverage, health and overall performance of enterprise threat detection programs. This report includes the data of 13,000 detection rules

Detection Pitfalls You Might Be Sleeping On

Detection engineering isn’t just about finding bad behavior. It’s about understanding how attackers appear normal—on accident or by design. Some of the most successful evasion techniques don’t involve zero-days or encryption. They rely on you writing

Polymorphic AI Malware: A Real-World POC and Detection Walkthrough

What Is Polymorphic AI Malware? Polymorphic AI malware refers to a new class of malicious software. It leverages artificial intelligence models, such as GPT-based language models, to dynamically generate, obfuscate, or modify its own code

The Analyst Who Cried Malware: Rethinking False Positives and Alert Fatigue

False positives aren’t just annoying. They’re corrosive. Every unnecessary alert chips away at the analyst’s attention span. Every poorly designed rule teaches the SOC to distrust its own tools. Every noisy detection makes it harder

Closing the Gaps in Linux Auditing & Detection Strategies

Linux systems are often overlooked when setting up security auditing and threat detection strategies. The main reason is that Linux auditing is far less explored by the security community than Windows auditing. A survey done