Learn. Share. Secure. Access product knowledge, get certified, and collaborate with the global Securonix user community.
Canary Files Canary files are decoy documents placed in strategic locations to detect unauthorized file access, data exfiltration attempts, or ransomware activity. Besides creating these files manually in your network, Blue Teams can use free online
A state-sponsored supply chain attack compromised Notepad++'s update infrastructure from June to December 2025 [Ampcus Cyber], enabling Chinese APT group Lotus Blossom [Securelist] (aka Billbug, Lotus Panda, Raspberry Typhoon) to deliver malicious payloa
Introduction Cyber deception is a proactive defense strategy that deploys decoy assets (canaries, honeypots, honeytokens) throughout your environment to detect adversary presence. Unlike traditional security tools that rely on signatures or known mal
The Interlock ransomware group has weaponized a gaming anti-cheat driver vulnerability (CVE-2025-61155) in a sophisticated BYOVD attack chain to disable endpoint security tools before encryption. This novel technique emerged in campaigns targeting he
The 2024 funding crisis exposed a fundamental truth: we've built critical infrastructure without critical infrastructure protection. CVE IDs are now the universal language of vulnerability management. Every major vendor uses them. Every scanner depend
Beyond patching for VMware vCenter Server's DCERPC protocol, I HIGHLY recommend incorporating Sysmon and Sysmon For Linux into any security stack. And here's why. From a Sysmon telemetry perspective, detecting exploitation attempts and post-compromis
Last year in October, phishing statistics show a tactical evolution with 40% of business-targeted phishing emails now AI-generated, producing perfectly personalized, grammatically flawless attacks that eliminate traditional detection markers. Attacke
The STR Team was presented with the following questions: What are the most recent toolchain improvements that you see **Kimsuky** developing and deploying? What are the most recent toolchain improvements that you see **Lazarus** developing and deploy
This is, in my opinion, only the beginning of what we will see in the future of "AI Powered" everything. As new innovations land in the hands of cyber professionals and criminals, both sides will find ways to enhance their playbook to maximize their
The XWiki CVE-2025-24893 exploitation campaign demonstrates a rapidly evolving multi-faceted attack landscape where threat actors leverage unauthenticated remote code execution through Groovy code injection in the SolrSearch macro. Attackers employ a
During an undetermined number of executions of my playbook, it crashes. Is there a way to validate how many executions have been performed and whether they are causing instability in my service?
When a feed fails—or while developing a new feed—users often download Feed Run files to troubleshoot and understand what went wrong. Currently, these files are automatically zipped and password protected. This design helps prevent the files from being