Reviewed and updated ATT&CK tags in all sigma project rules. On the way to the second Sprint! Thanks to Timur Zinniatullin Anton Kutepov Константин Alexey Lednev Ilyas Ochkov, you guys did a great job. github.com/Neo23x0/sigma/…

The next Sprint starts on October 5! We will focus on Simulation, Detection & Response: develop Red Canary #AtomicRedTeam tests, sigma Rules, and TheHive Responders; improving their coverage of ATT&CK and Atomic Threat Coverage RE&CT frameworks oscd.community/sprints/sprint…

The sprint starts tomorrow! Please keep in mind that you need to create one Pull Request per analytic (sigma rule or Atomic test). Use the How-To as a reference for the rest of the workflow specifics: oscd.community/sprints/sprint… See you in GitHub comments!

Thank you for your continuous support, John Lambert , Thomas Patzke!

Hey, Google Workspace ! OSCD needs a Gsuite/Google Workspace Enterprise test setup in order to implement a Gmail responder for the TheHive using the Gmail API.

The second OSCD sprint is officially ended! Thanks to all contributors! Great job! We will finalize WIP PRs and summarize the results in the upcoming weeks. The initial summary will be delivered this Friday at the Sixth EU ATT&CK Community Workshop: attack-community.org/event/

The Open Threat Research supported OSCD adding 38 Detection Rules (previously developed at their APT29 Hackathon and Threat ThreatHunter-Playbook) to the sigma repository during the sprint! This way, the common initial outcome of the 2nd sprint for the Sigma ruleset is:

here is a way to show your support and send kudos to all hard workers that contributed to sigma, Red Canary, a Zscaler company Atomic Red Team, and TheHive projects during the OSCD sprints! subscribe and share the list: x.com/i/lists/130895… #EUATTACKworkshop

Looking forward to some feedback regarding Sigma Correlations. My plan is to implement them in the new Sigma Converter.

finally, the video has been released: youtube.com/watch?v=Jv558o… thank you for your continuous support, John Lambert!

Slides of the CyCAT project - Lightning Talk given by Saâd Kadhi (M: https://infosec.exchange/@saadk) and Alexandre Dulaunoy @[email protected] are available. If you want to have an overview of the project, please have a look. We welcome feedback and ideas. #cybersecurity cycat.org/assets/slides/…

Just merged the huge OSCD pull request into the Sigma master branch. Lots of new and improved rules. Big thanks to all contributors, it was a pleasure to review!

It was a great honor to help a bit with this initiative! Looking forward to future sprint! #oscd #threathunting #detectionengineering

OSCD Sprint # 2 for "Detection, Simulation & Response" brought 24 new #Cortex responders, including Palo Alto NGFW, Duo Security, Gmail and Azure Active Directory. Full details: github.com/TheHive-Projec… and thehive-project.github.io/Cortex-Analyze… #incidentresponse #sirp #dfir #cybersecurity

I swear the great contributors OSCD this sprint magically knew my orgs tech stack and prioritised it! I need to get in on the action and help next sprint

Would recommend joining in on the next sprint to everyone. Loads of opportunities to help and learn something new.

The agenda of the EU ATT&CK Workshop on 2 June is online: attack-community.org/event/. Super lineup and packed with inspiring talks. Participation free but registration required. ATT&CK sigma CIRCL - @[email protected] CERT-EU @MITREengenuity