How to Prevent and Fix SIEM Rule Failures
Our blog recently outlined the top 10 reasons why rules silently fail, drawing on extensive analysis of SIEM rules in diverse enterprise environments. Check out five of the top 10 causes in part one, and
Windows Subsystem for Linux (WSL) is a feature in Windows that allows users to run a real Linux user space directly inside Windows, without needing a virtual machine or dual-boot setup. This feature is commonly
The Model Context Protocol (MCP) enables seamless integration between large language models (LLMs) and external tools. It powers agent-driven workflows in platforms like Claude Desktop and GitHub Copilot. Typically, developers use MCP servers to expose
What Is Polymorphic AI Malware? Polymorphic AI malware refers to a new class of malicious software. It leverages artificial intelligence models, such as GPT-based language models, to dynamically generate, obfuscate, or modify its own code
False positives aren’t just annoying. They’re corrosive. Every unnecessary alert chips away at the analyst’s attention span. Every poorly designed rule teaches the SOC to distrust its own tools. Every noisy detection makes it harder
Linux systems are often overlooked when setting up security auditing and threat detection strategies. The main reason is that Linux auditing is far less explored by the security community than Windows auditing. A survey done
CardinalOps Detection Posture Management automates detection engineering processes and continuously expands your MITRE ATT&CK coverage, ensuring you detect the threats that matter most.
During the SANS Spring Cyber Solutions Fest’s Detection & Response track, Jay Lillie, CardinalOps VP of Customer Success, and Dr. Anton Chuvakin, Advisor to the Google Office of the CISO, discussed ways to improve SOC
You’re probably familiar with the classic thought experiment: If a tree falls in a forest and no one is around to hear it, does it make a sound? In cybersecurity, we can ask a similar
When considering KPIs for your SOC, mean time to detect, contain, and remediate (MTTD, MTTC, and MTTR); incident and alert volumes; and false positive rates get most of the attention. Regularly monitoring these higher-level metrics
Google Security Operations (SecOps) SIEM offers powerful tools for threat detection, and one of its most valuable features is the use of metrics within YARA-L rules. Metrics allow you to aggregate historical data over extended
See how Repsol, one of the world’s largest energy companies, integrated CardinalOps into their security operations and helped to optimize their SOC with automation, enhanced speed, and accuracy. With CardinalOps, Repsol SecOps significantly increased its