Blue teaming

Advanced Detection Content Services

As an organization, staying ahead of cyber adversaries is more important than ever. To keep up with the changing threat landscape and protect your business from malicious actors, you need sophisticated content that can detect evolving threats, and detect them fast. Creating high-quality detection content takes experience as well as ongoing effort to keep it relevant in this constantly shifting environment.

We offer a way to save your team valuable time and provide you with advanced detection content. It is either custom-made for you or taken from our repository of existing use-cases, and it is based on our constant research of adversarial techniques, our offensive and defensive engagements, and collaboration with our clients. FalconForce supports you in implementing and tuning the use-cases to your environment. This enables your team to focus on what really matters: keeping your business secure.

Defensive capability workshop

Our detection content is focused on Microsoft Sentinel and the Microsoft Defender suite and is completely aligned with MITRE ATT&CK®. With access to our advanced use-cases, you boost the detection capabilities of Microsoft Sentinel and the Microsoft Defender suite. Our advanced detections go beyond the threats that, for instance, Microsoft Defender picks up out-of-the-box. The use-cases are provided in a format suited to your ingestion requirements. We currently offer YAML, Markdown and JSON formats out-of-the-box.

ADCS – booster package for in-house SOCs

Our offering to you: we commit ourselves to delivering a “booster package” of 10 or more use-cases from our current repository to your environment. You can use our premium use-cases to monitor your environment for advanced threats. Each booster package includes access to our advanced detection content, including the KQL query, meta-data and documentation. Our repository currently contains 350+ custom advanced detections. New content is added every month.

Our premium detection content includes per use-case:

  • KQL query and meta-data.
  • Use-case documentation.
  • Implementation in your environment.
  • One-time finetuning in your environment.

ADCS – subscription for in-house SOCs

Our offering to you: we commit ourselves to delivering 2 or more new use-cases each month to your environment. The content of the use-cases is selected together with you. You can use our premium use-cases to monitor your environment for advanced threats. The subscription includes a steady stream of new (custom) advanced detection content, including the KQL query, meta-data and documentation, as well as finetuning and maintenance.

Our premium detection content includes per use-case:

  • KQL query and meta-data.
  • Use-case documentation.
  • Implementation in your environment.
  • Finetuning in your environment.
  • Use-case maintenance.

ADCS – subscription for MSSPs

Our offering to you as an MSSP: we offer a ready-to-use Git repository with premium detection content in an agreed-upon format. You can leverage our entire set of detection content. We commit ourselves to adding new use-cases to our repository each month. You can use our premium use-cases to monitor your customers’ environments for advanced threats.

The repository includes per use-case:

  • KQL query and meta-data.
  • Use-case documentation.
  • Finetuning suggestions for deployment in your customers’ environments.
  • Use-case maintenance.

Moreover, we share our toolkit to deploy use-cases efficiently to your customers and will support you in setting up the integration of our repository into your environment.

Download our ADCS datasheet

“Our advanced detection content can greatly boost your threat detection capability!”

Our other services

Blue consultancy

Looking for expertise to enhance specific parts of your threat detection stack? FalconForce can help! We have expertise in setting up automated deployment pipelines, automating enrichment, custom detection development, BloodHound, and testing your detections. Please get in touch so we can discuss what you are looking for and where we can help!

Together. Secure. Today.

Get in touch with one of our professionals

Want to discuss your challenges in more detail or wondering what we can do for you? We are happy to meet you for a (virtual) coffee. Please get in touch!

FalconForce realizes ambitions by working closely with its customers in a methodical manner, improving their security in the digital domain.

Energieweg 3
3542 DZ Utrecht
The Netherlands

FalconForce B.V.
[email protected]
(+31) 85 044 93 34

KVK 76682307
BTW NL860745314B01