Blog Entries

05. 11. 2025 Massimo Giaimo SATAYO, Threat Intelligence

Embedding Threat Intelligence into Your Security Operations

Producing actionable intelligence should be the primary objective of every Threat Intelligence analyst. The problem of properly integrating Threat Intelligence into Security Operations processes is a recurring one. In this article, I aim to describe the integration process we, at Würth IT, have implemented, which allows us to produce actionable…

10. 10. 2025 Massimo Giaimo SEC4U, Threat Intelligence

NetEye Conference 2025: The Correct Analysis for Some Use Cases

During the NetEye Conference 2025, I discussed several analysis use cases where integrating threat intelligence information can help build a useful framework for further alert analysis. Below, I’ll share a possible analysis approach for each use case. Case 1 – Alert about scan attempts from an AWS IP SOC Analyst’s decision: “Ouch, this IP is…

04. 08. 2025 Massimo Giaimo SEC4U, Threat Intelligence

Favicon Intelligence – Detecting Clones Of Official Web Services

In this article, I want to present an important new development we have introduced within the SATAYO Threat Intelligence Platform (TIP). Our experience has shown that favicons, those seemingly innocuous icons used in browser tabs and bookmarks, can be a rich and often overlooked source of intelligence. By systematically analyzing these artifacts, we’ve established a…

07. 01. 2025 Massimo Giaimo Threat Intelligence

Gravy Analytics breached (to be confirmed)

WARNING: This post is constantly updated based on new evidence related to the data breach. The famous company Gravy Analytics seems to have suffered an attack. In fact, inside the XSS forum, a post was published on Sunday night by the user nightly, reporting some evidence of what appears to be a really important exfiltration….

18. 11. 2024 Lorenzo Bevilacqua Development, Threat Intelligence

Scaling SATAYO: OSINT Research with Apache Airflow

Originally developed as a proof of concept, SATAYO was designed to gather and analyze OSINT (Open Source Intelligence) data on a single machine. Initially, the platform functioned as a single-threaded script, and scaling was only considered later. As SATAYO’s capabilities evolved to meet the needs of more clients and monitor a greater number of domains,…

08. 11. 2024 Luca Zeni Blue Team, SEC4U, Threat Intelligence

SATAYO And SOC: Exchanging Data For Better Insight

In this post, we’ll explore the synergy between a Cyber Threat Intelligence (CTI) platform and a traditional Security Operations Center (SOC) service. For those interested in the topic, I recommend reading my previous article, where I demonstrated a concrete example of integration between our SIEM and SATAYO, the CTI platform we use in our SOC….

01. 11. 2024 Massimo Giaimo Threat Intelligence

Our Contribution to Mitre Att@ck

Many of you have probably already heard about the MITRE ATT&CK framework. This framework is an important point of reference at the international level and is used within thousands of projects, detection rules, and platforms. Adversarial Tactics, Techniques, and Common Knowledge is a guideline for classifying and describing cyberattacks and intrusions. It was created by…
