Learn. Share. Secure. Access product knowledge, get certified, and collaborate with the global Securonix user community.
Join the discussion, ask questions, get solutions.
Discover product guides and helpful how-tos.
Join groups and collaborate with peers.
Stay up to date with our product team.
Share your ideas and suggestions with our team.
Discover and join upcoming events.
Explore Securonix solutions, products, and company insights
Access product guides, release notes, and technical documentation
Discover the ThreatQ threat intelligence platform and solutions
Find step-by-step guides, release notes, and troubleshooting resources
Discover and deploy integrations, extensions, and apps for the ThreatQ platform
name: Suspicious WMI QoS Policy Instance Creation Targeting Security Processes Analyticsignatureid: EDR-SYM933-RUNcategory: 'Defense Evasion'threatname: 'Impair Defenses: Disable or Modify Tools'functionality: 'Endpoint Management Systems'description
Published: June 10, 2026Tags: Defense Evasion, EDR Bypass, Red Team, T1562.001, Windows InternalsIntroductionFor years, the conversation around EDR bypass has centered on one of two approaches: kill the agent process outright, or cut its network acce
Audience: Securonix Administrators, Identity Administrators, MSSPs Product Module: Administration → Settings → SAML Settings Last Updated: February 27, 2026 KB ID: KB-20260227-uds-sso-login-failuresTags: SAML, SSO, Azure AD, Okta, Authentication, Red
name: Suspicious Developer Secret Access via Node.js Ecosystem Analyticsignatureid: EDR-SYM931-RUNcategory: 'Credential Access'threatname: 'Unsecured Credentials'functionality: 'Endpoint Management Systems'description: | Detects Node.js ecosystem
Published: June 4, 2026Tags: Supply Chain, npm, Credential Theft, CI/CD Security, T1195.002IntroductionOn June 1, 2026, a credential-stealing worm quietly embedded itself into 32 officially published packages under Red Hat's @redhat-cloud-services np
Published: June 2026Severity: CVSS 6.8 (Important) | Physical Access RequiredAffected Platforms: Windows 11 24H2, 25H2, 26H1 (x64) | Windows Server 2025 | Windows Server 2025 Server CorePatch Status: No patch available. Mitigation script released May
name: Netlogon Service Anomalous Restart or RPC from Non-DC Source Analyticsignatureid: WEL-SYS01-ERIcategory: 'Initial Access'threatname: 'Exploit Public-Facing Application'functionality: 'Microsoft Windows'description: | Detects the Netlogon servi
name: LSASS Crash on Domain Controller Potentially Related to Netlogon Analyticsignatureid: WEL-APP01-RUNcategory: 'Impact'threatname: 'Network Denial of Service'functionality: 'Microsoft Windows'description: | Detects LSASS application crashes on W
Windows Netlogon CLDAP Stack Buffer Overflow RCEPublished: June 3, 2026 Severity: Critical | CVSS 3.1: 9.8 Status: Actively Exploited in the WildWhat Is It?CVE-2026-41089 is a pre-authentication, zero-interaction stack-based buffer overflow in the Wi
Have a Product Idea? Help Shape the Future of Securonix Innovation at Securonix is driven by you — our customers and partners. Whether you’ve identified a gap, experienced a challenge, or have an idea for a new feature, we want to hear from you. We’
Did you know SAM understands Diamond Model Analysis? You can ask Sam to create a report on a violation, something that usually takes a LOT of time to do manually. While working a Violation, Ask Sam: Please prepare a diamond model analysisorFor this
Ability to Modify Alert Disposition After ClosureCurrently, if an alert is mistakenly closed as “True Positive” instead of “False Positive,” there is no option available to revert or modify the disposition after closure.Request:It would be very helpf
Greetings,I have an ask from a client to integrate CyberArk API instead of the syslog connector. Currently there is no OOTB parser for it. Would I have to get a cloud collector setup for it?Thank you,Martel
We are pulling data from FS-ISAC into ThreatQ as an event. The issue I am facing here is that we are unable to get the indicators (specifically bank account numbers and phone numbers) ingested into the platform as an indicator.We need to be able to i
Hello, We have recently onboarded Cloudflare audit logs and was instructed by a technician that we could also bring in Cloudflare WAF logs on the same data source. It has been enabled on the application, but we are not seeing the WAF logs. Has anyone
We noticed a log source searchable period has been showing "16hr in future - 91 days ago" for the past 4-5days. How do we fix this?
Is there a reporting feature on the HUB to be able to alert when disk space is filling up, when resources are in over use, or when there is an excessive amount of failures going to the UI?
I have a ton of open and closed sources feeding reports, vulnerabilities & CVE indicators into ThreatQ. Because “reports”, “vulnerabilities”, and “indicators” are all different threat libraries inside of ThreatQ, I’ve struggled to find a way to d
Currently, the RF IOC enrichment action provides only a limited set of attributes, such as risk score and malware verdict. Malware attribution, however, is not included in the enrichment results.Since we are paying for an RF license, we would like to
During an undetermined number of executions of my playbook, it crashes. Is there a way to validate how many executions have been performed and whether they are causing instability in my service?
Where security professionals share intelligence and strengthen defense together
Learn More →
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.
