Welcome, Analyst
DFIR Lab is an independent research platform for digital forensics, incident response, and threat intelligence — built by practitioners, for practitioners. Here's what you'll find.
Security Research & Threat Intelligence
In-depth analysis of threats, hands-on lab testing, detection engineering, and security tooling — by a practitioner, for practitioners.
Subscribe to receive curated threat intelligence briefings — CVEs, malware trends, and MITRE ATT&CK insights delivered straight to your inbox.
Build a Splunk custom search command that enriches IOCs via DFIR Platform API. Includes Python code, commands.conf configuration, packaging as a Splunk app, and example SPL queries.
Integrate DFIR Platform's IOC enrichment API with Wazuh for real-time alert enrichment. Includes integratord configuration, active response scripts, and example alert workflows for SOC teams.
Integrate DFIR Platform's multi-source IOC enrichment API with TheHive as a Cortex analyzer. Python code examples, architecture walkthrough, and step-by-step setup for SOC teams.
A practical walkthrough of digital forensics investigation steps for SOC analysts — covering detection, containment, eradication, recovery, and reporting based on the NIST SP 800-61 framework.
Learn how an exposure scanner API aggregates 11 intelligence providers — Shodan, SecurityTrails, Criminal IP, and more — into a single API call with a 0–100 risk score. See how DFIR Lab's attack surface management tool compares in cost and capability.
VirusTotal is the industry standard for IOC enrichment, but its rate limits and enterprise pricing leave small and mid-size teams behind. Here's how DFIR Platform compares as a VirusTotal API alternative for SOC analysts and MSSPs.