Kim Halavakoski

icon indicating a website link https://sofectalabs.io icon indicating an email [email protected]

icon company @DeductiveLabs @Sofecta @SofectaLabs icon location Åland Islands icon location Security professional / Hacker with some coding skills.

Results 3 issues of Kim Halavakoski

Update/increase max filesize in Suspicious_Size_explorer_exe rule?

1 comment

Hello, Got some hits on this rule when testing on a Windows 10 desktop. C:\Windows\Explorer.exe seems to be 5007KB in Windows 10...should the max filesize be increased a bit to...

MISP to use external database?

1 comment

Hello, I had a look at https://github.com/coolacid/docker-misp/issues/158 regarding MySQL server user/password and have the following question / request: Is it possible, and how, to use an external database for MISP?...

[Rule Tuning] Potential PowerShell Obfuscation via High Special Character Proportion

### Link to Rule https://github.com/elastic/detection-rules/blob/f52aedf41d6b9203647ff37588b14095137e49d2/rules/windows/defense_evasion_posh_obfuscation_whitespace_special_proportion.toml#L10 ### Rule Tuning Type False Positives - Reducing benign events mistakenly identified as threats. ### Description The rule is detecting Powershell Obfuscation in Microsoft Defender...

Rule: Tuning
community
Team: TRADE