TOPIC

Threat Intelligence

6 posts

DFIRThreat IntelligenceDetection Engineering+2

Welcome, Analyst

DFIR Lab is an independent research platform for digital forensics, incident response, and threat intelligence — built by practitioners, for practitioners. Here's what you'll find.

Mar 14, 20264 min read

WazuhThreat IntelligenceAlert Enrichment+4

DFIR Platform + Wazuh: Real-Time Alert Enrichment

Integrate DFIR Platform's IOC enrichment API with Wazuh for real-time alert enrichment. Includes integratord configuration, active response scripts, and example alert workflows for SOC teams.

Apr 13, 202610 min read

SplunkIOC EnrichmentCustom Search Command+3

DFIR Platform + Splunk: IOC Enrichment via Custom Search Commands

Build a Splunk custom search command that enriches IOCs via DFIR Platform API. Includes Python code, commands.conf configuration, packaging as a Splunk app, and example SPL queries.

Apr 14, 202611 min read

oc-enrichmentThreat Intelligencevirustotal+4

VirusTotal API Alternative: Cheaper Multi-Source IOC Enrichment for Security Teams

Apr 15, 20269 min read

IOC EnrichmentThreat Intelligenceapi+1

VirusTotal API Alternative: Cheaper Multi-Source IOC Enrichment for Security Teams

VirusTotal is the industry standard for IOC enrichment, but its rate limits and enterprise pricing leave small and mid-size teams behind. Here's how DFIR Platform compares as a VirusTotal API alternative for SOC analysts and MSSPs.

Apr 8, 20269 min read

Threat IntelligenceiocIOC Enrichment+3

IOC Enrichment Explained: Why Multi-Source Threat Intelligence Matters

Apr 22, 202610 min read