Linux Threat Detection
Runtime Security, Security Analytics, Detection queries, Network Security, SIEM and event correlation.
Find out more
Linux Threat Detection services include:
- Focus:
- Threat detection primarily focuses on identifying and preventing potential security threats in real-time or near real-time.
- Methodology:
- It involves monitoring and analyzing network traffic, system logs, runtime behavior, and other data sources to identify patterns or anomalies that may indicate a security threat.
- Goal:
- The goal of threat detection is to quickly identify and respond to malicious activities, such as unauthorized access, malware infections, or other suspicious behavior.
- Time Sensitivity:
- Threat detection is generally more focused on immediate response and may not involve deep forensic analysis. It aims to stop or mitigate an ongoing security incident.
We deploy and support below technologies:
- Velociraptor IR
- OSquery Defense Kit + IR scripts
- Splunk
- Elastic Security
- Runtime Security:
- Falco
- Tracee
- Tetragon
- Sysmon
- Sandfly Security
- Zeek NIDS
- Suricata NIDS
- MISP
- Wazuh XDR
- Arkime Full Packet Capture
- Strelka
- Sigma rules
- Yara rules
Our other services
Purple Teaming
Performing Purple Teaming, Detection Engineering and Adversary Emulations.
Find out more
Linux Incident Response
Linux Intrusion Detection, Live and Memory Forensics, Hunting for rootkits and malware detection at scale.
Find out more
Cyber Range
Cyber Range Playground + Hands-on Labs
Find out more
Linux Hardening
Kernel and userspace level hardening, custom SELinux, Apparmor, PAX and seccomp policies. Low level syscall auditing. Falco / Tracee deployments.
Find out more
Infrastructure Security
Secure network services configuration, Container and Virtualization Security, Linux Domain Controller, admin accounting, Active Direcory integration with Linux/HPUX/Solaris/AIX
Find out more