Tag

SOC

14 articles on soc.

Agentic AI Threat Mapping: MITRE ATT&CK Needs Evidence-Rich Workflows
AI & ML · Jul 8, 2026

Anthropic mapped AI-enabled cyber activity to MITRE ATT&CK and found gaps around autonomous orchestration. SOC teams need AI summaries tied to evidence, not unsupported verdicts.

4 min read
AI-Enabled Cyberattacks and MITRE ATT&CK: Turning New Threat Maps Into SOC Action
SOC · Jun 4, 2026

AI-enabled threats are being mapped into ATT&CK language, but mapping is only useful when it drives enrichment, detection, triage, and response workflows.

8 min read
SOC Alert Fatigue: How Threat Intelligence Reduces False Positives Without Hiding Real Attacks
SOC · Jun 4, 2026

Alert fatigue is not a staffing problem alone. SOC teams need better evidence, source quality, confidence bands, and enrichment workflows that turn noisy alerts into defensible decisions.

8 min read
Why CVEs Are Critical for SOCs, Even When Everything Already Seems Monitored
Vulnerabilities · May 24, 2026

CVEs are not only a patch management topic: they structure SOC prioritization, threat hunting, compensating controls, and crisis communication.

5 min read
CVE Data Sources: How to Build a Reliable View of Vulnerability Risk
Research · May 24, 2026

NVD, OpenCVE, CISA KEV, GCVE, EPSS, CERT-FR, MSRC, GHSA, Exploit-DB, Nuclei and vendor advisories: understanding the role of each source in an actionable CVE platform.

6 min read
Threat Intelligence Risk Scoring: How to Calibrate Reputation, Reduce False Positives, and Defend Your Decisions
Research · Apr 30, 2026

A noisy score is worse than no score. Learn what makes a reputation model trustworthy, how to combine multi-source evidence, and how to communicate uncertainty to your SOC and your executives.

5 min read
ASN Reputation for Threat Intelligence: How Autonomous System Intelligence Improves Prioritization and Hunt Programs
Guide · Apr 27, 2026

An IP address is a snapshot; an autonomous system (ASN) is a neighborhood. Learn how to use ASN context safely for triage, fraud, and security operations—without mistaking a giant cloud for a monolithic "bad host".

5 min read
Threat Intelligence Platforms: Architecture, Data Quality, and High-Signal Feeds
Research · Apr 26, 2026

Design TIPs and intel pipelines that scale: normalization, confidence scoring, deduplication, API-first delivery, and how to pair platform investments with analyst workflows.

9 min read
IOC Enrichment APIs: A Security Operations Guide to Faster Triage, Fewer False Positives, and Measurable ROI
API · Apr 26, 2026

An indicator without context is a ticket without an owner. Learn how IOC enrichment APIs work, which fields SOC teams need at each tier, and how to wire them into case management without building a data swamp.

6 min read
OSINT for SOC Analysts: Turning Open Source Intelligence Into Actionable Threat Intelligence
SOC · Apr 23, 2026

A complete guide to open source intelligence (OSINT) for security operations—tools, techniques, workflows, and legal considerations for collecting, analyzing, and operationalizing open threat data in a modern SOC.

10 min read
Hash Reputation at Scale: Building Detection Rules That Survive Real Networks
Research · Apr 22, 2026

Move beyond one-off hash blocks: design reputation pipelines, reduce false positives, and integrate file intelligence with IP and domain context for enterprise-grade detection engineering.

9 min read
File Hash Reputation Lookups: Accelerating Incident Response With IOC Enrichment
Incident Response · Apr 22, 2026

A practitioner's guide to file hash reputation lookups—how they work, which data sources power them, how to build automated IOC enrichment pipelines, and how to integrate hash intelligence into SOC, SOAR, and incident response workflows.

10 min read
Operational Threat Intelligence: Turning IOCs into Prioritized Security Actions
Guide · Apr 19, 2026

Define operational CTI that SOC teams can use daily: IOC lifecycle, confidence scoring, feed hygiene, and how to align indicators with detection engineering and incident response.

9 min read
SOC Metrics: Which Indicators to Track for Cybersecurity
SOC · Apr 7, 2026

An effective SOC is not judged by its alert volume. Here are the KPIs that actually help measure detection, response, and continuous improvement, without drowning the team in useless dashboards.

2 min read