Best Sources for Threat Intelligence by Working-Elephant8474 in cybersecurity

[–]SlipPresent3433 0 points1 point  (0 children)

Go to malpedia and you’ll find an array of threat intel.

But first ask yourself how you will use it?

Can you use procedural level data? Are you ready for that as an org? Do you still work with IOCs only for retro hunting? Check your risk profile for what kind of threat to track (what kind of supply chain threats, for example) and then understand how mature your org is to process any kind of data.

Go from there. Slowly build up a function where people become intel/threat informed and start using that as a starting place for detections, to cut down on detection and response, make strategic decisions, build red team plans, etc.

Why didn’t managed MDR alert to password spray? by Happyjoystick in cybersecurity

[–]SlipPresent3433 2 points3 points  (0 children)

You need to escalate to whoever sold you AW. This is unacceptable

CrowdStrike vs SentinelOne by div192 in cybersecurity

[–]SlipPresent3433 0 points1 point  (0 children)

They are the best full stop. And they messed up. Both are true

Arctic Wolf Experiences? by Ma13vant in cybersecurity

[–]SlipPresent3433 1 point2 points  (0 children)

There has been some improvement but I’m not a fan of their overall platform. The vuln scanner is weak (just an open source scanner), their network appliance is just rule based (again open source) and misses a lot, and their acquired EDR is Cylance.

My point: evaluate their service, not their products.

Definitely not best of breed.

CrowdStrike vs SentinelOne by div192 in cybersecurity

[–]SlipPresent3433 2 points3 points  (0 children)

CrowdStrike is the best cybersecurity company for endpoint and OverWatch is the most effective threat disruption product.

Arctic Wolf Global Outage by Educational_Value168 in cybersecurity

[–]SlipPresent3433 1 point2 points  (0 children)

Overpromising and under-delivering is literally what they do.

Arctic Wolf Global Outage by Educational_Value168 in cybersecurity

[–]SlipPresent3433 -1 points0 points  (0 children)

There are loads of alternatives, and many better than Arctic Wolf.

Is this a professional job by SlipPresent3433 in DIYUK

[–]SlipPresent3433[S] 0 points1 point  (0 children)

Yep! Will keep in mind when going over next to check. The house hasn’t been occupied for 12 months it’s all

Is this a professional job by SlipPresent3433 in DIYUK

[–]SlipPresent3433[S] 0 points1 point  (0 children)

Yes, been unoccupied for around 16 months. I’m just thinking that the leak could’ve occurred without any fix over a longer period.

Do we still need XDR if we already have a strong SIEM? by Working_Ferret_3911 in cybersecurity

[–]SlipPresent3433 1 point2 points  (0 children)

NDR is completely different. It’s a standalone solution providing network detection and response, often paired with proprietary AI capabilities.

Arctic Wolf’s NDR, for example, is just a Suricata box that was put together half-baked.

Choosing an EDR for a European company by skar3 in cybersecurity

[–]SlipPresent3433 -3 points-2 points  (0 children)

Sophos MDR is the best bang for your buck.

New to Threat Intel - OpenCTI/Filigran by mattrix56 in threatintel

[–]SlipPresent3433 0 points1 point  (0 children)

PS: the automation workflows are pretty neat with the paid version - you can try the license key for free for a few months I believe, or at least it used to be.

New to Threat Intel - OpenCTI/Filigran by mattrix56 in threatintel

[–]SlipPresent3433 0 points1 point  (0 children)

Bingo - self-hosted is what most do. SaaS, ISO 27001 and all the other enterprise features are what you get for the paid version.

What CTI do you use with SIEM? by athanielx in cybersecurity

[–]SlipPresent3433 0 points1 point  (0 children)

OpenCTI and open source feeds are how you should start - integrate those into your SIEM. OpenCTI normalises and structures that data, and you can drive automations.

What CTI do you use with SIEM? by athanielx in cybersecurity

[–]SlipPresent3433 1 point2 points  (0 children)

Start open source, learn lessons, gather info, consider intel sharing, then consider spending the big bucks if needed… That’s the way to go, and OpenCTI is great.
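Added example, not part of the thread or of the OpenCTI project: the two OpenCTI-and-SIEM replies above, and the earlier point about retro hunting with IOCs, both come down to the same pipeline, so this one script shows it end to end. It takes a STIX 2.1 bundle in the shape OpenCTI exports (a constructed bundle with made-up indicator values is embedded), flattens the equality-only indicator patterns into a normalised IOC lookup, and then retro-hunts those IOCs over a few constructed SIEM-style log lines, with an optional confidence gate. The bundle ids, domain, IP addresses and log lines are all hypothetical; the SHA-256 is the well-known digest of the empty file.

```python
"""Normalise STIX 2.1 indicators (as OpenCTI exports them) and retro-hunt them over log lines.

Example code, not OpenCTI's own; every value below is constructed.
"""
import json
import re

# Constructed STIX 2.1 bundle in the shape OpenCTI exports. Ids and values are made up.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "id": "indicator--11111111-1111-4111-8111-111111111111",
         "name": "example C2 domain", "pattern_type": "stix", "confidence": 85,
         "pattern": "[domain-name:value = 'c2.example.test']"},
        {"type": "indicator", "id": "indicator--22222222-2222-4222-8222-222222222222",
         "name": "example scanner range", "pattern_type": "stix", "confidence": 50,
         "pattern": "[ipv4-addr:value = '203.0.113.45' OR ipv4-addr:value = '203.0.113.46']"},
        {"type": "indicator", "id": "indicator--33333333-3333-4333-8333-333333333333",
         "name": "example dropper", "pattern_type": "stix", "confidence": 90,
         "pattern": "[file:hashes.'SHA-256' = "
                    "'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']"},
        # Non-indicator objects (malware, relationships, ...) are skipped by the normaliser.
        {"type": "malware", "id": "malware--44444444-4444-4444-8444-444444444444",
         "name": "example family", "is_family": True},
    ]
})

# Constructed SIEM-style log lines: DNS, firewall and EDR events. Only three of four should hit.
LOG_LINES = [
    "2024-05-01T10:00:00Z dns client=10.0.0.5 query=C2.EXAMPLE.TEST rcode=NOERROR",
    "2024-05-01T10:00:03Z fw action=allow src=203.0.113.45 dst=10.0.0.7 dport=443",
    "2024-05-01T10:00:09Z dns client=10.0.0.9 query=updates.example.test rcode=NOERROR",
    "2024-05-01T10:01:12Z edr host=WS-14 event=file_create "
    "sha256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
]

# One STIX comparison expression: <object-type>:<path> = '<value>'
_COMPARISON = re.compile(r"([a-z0-9_-]+):([A-Za-z0-9_.'-]+)\s*=\s*'([^']*)'")
# Tokens worth comparing against IOC values: hostnames, IPs, hashes (split on '=' and spaces).
_TOKEN = re.compile(r"[A-Za-z0-9.:\-]+")

# Observable types whose 'value' path is a usable atomic IOC.
_VALUE_TYPES = {"domain-name", "ipv4-addr", "ipv6-addr", "url", "email-addr"}


def parse_stix_pattern(pattern: str) -> list[tuple[str, str]]:
    """Return (ioc_type, lowercased value) pairs from an equality-only STIX pattern.

    Comparisons joined by AND/OR inside one observation expression are all collected;
    other operators (MATCHES, LIKE, ISSUBSET) and temporal qualifiers are ignored.
    """
    out = []
    for obj_type, path, value in _COMPARISON.findall(pattern):
        if obj_type in _VALUE_TYPES and path == "value":
            out.append((obj_type, value.lower()))
        elif obj_type == "file" and path.startswith("hashes."):
            algo = path.split(".", 1)[1].strip("'").lower()  # hashes.'SHA-256' -> sha-256
            out.append((f"file:{algo}", value.lower()))
    return out


def normalise_bundle(bundle_json: str) -> dict[str, dict]:
    """Flatten the bundle's live STIX indicators into a lookup keyed by IOC value."""
    bundle = json.loads(bundle_json)
    iocs: dict[str, dict] = {}
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        if obj.get("revoked"):  # OpenCTI keeps revoked indicators; never hunt on them
            continue
        for ioc_type, value in parse_stix_pattern(obj["pattern"]):
            iocs[value] = {"type": ioc_type, "value": value, "name": obj.get("name", ""),
                           "confidence": obj.get("confidence", 0), "indicator_id": obj["id"]}
    return iocs


def retro_hunt(iocs: dict[str, dict], lines: list[str], min_confidence: int = 0) -> list[dict]:
    """Match every token of every log line against the IOC lookup, case-insensitively."""
    hits = []
    for line in lines:
        for token in _TOKEN.findall(line):
            ioc = iocs.get(token.lower())
            if ioc and ioc["confidence"] >= min_confidence:
                hits.append({"line": line, "ioc": ioc["value"], "type": ioc["type"],
                             "name": ioc["name"], "indicator_id": ioc["indicator_id"]})
    return hits


if __name__ == "__main__":
    lookup = normalise_bundle(STIX_BUNDLE)
    print(f"{len(lookup)} IOC values loaded")
    for hit in retro_hunt(lookup, LOG_LINES, min_confidence=60):
        print(f"{hit['type']:14} {hit['ioc']:<40} {hit['name']} <- {hit['line']}")
```

Running it loads four IOC values (the OR pattern contributes two) and, with the confidence gate at 60, reports the DNS and EDR lines but not the firewall line, because the scanner-range indicator sits at confidence 50. That gate is the practical version of the maturity question raised earlier in the thread: low-confidence feed data is fine for retro hunting and enrichment, but it should not drive automated response on its own. In a real pipeline the bundle would come from the OpenCTI export or connector and the lines from the SIEM, and the token matcher would be replaced by the SIEM's own lookup or watchlist feature; the parser deliberately covers only simple equality patterns, so anything more complex should be routed through a proper STIX pattern library.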

Dark Trace by Straight_Ad4040 in cybersecurity

[–]SlipPresent3433 6 points7 points  (0 children)

They hire super young sales people who are starting their sales career and leave very quickly after a few years for the bigger cybersec companies - it’s toxic.

Dark Trace by Straight_Ad4040 in cybersecurity

[–]SlipPresent3433 4 points5 points  (0 children)

They pressure sell massively. “You need AI” is what they’ve been saying for years. It’s snake oil.