Why your SOC needs threat intelligence (and how to actually use it)
Most threat intel feeds are noise. Here is how we select IOCs for our SOC analysts.
This article goes deeper into the topic with concrete examples drawn from our managed detection environments. Detailed technical breakdowns, IOCs, and detection rules are reserved for our paying subscribers, but the high-level narrative is here for everyone.
Background
In our SOC, we see thousands of alerts per day across hundreds of client environments. Patterns emerge. This is one of them.
The data presented here is anonymized and aggregated. No specific client environment is identifiable.
Key takeaways
If you remember nothing else from this article, remember these three things: defense-in-depth still works, your weakest control is usually identity, and detection without response is just noise.
# Example IOC pattern (sanitized)
process: powershell.exe
parent: winword.exe
cmdline: -ExecutionPolicy Bypass -EncodedCommand <b64>
network: outbound to non-CDN .com TLD on 443
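The sanitized pattern above is easy to read but only useful once it is turned into something that runs over telemetry. The following is an added example, not the article's own detection rule or code from any vendor: a small Python detector that applies the four conditions of the pattern (winword.exe parent, powershell.exe child, ExecutionPolicy Bypass plus an encoded command, outbound 443 to a non-CDN .com host) to constructed EDR-style events. The event schema, the CDN allowlist and the sample hostnames are assumptions made for the example; the encoded-command decoder handles the real PowerShell base64/UTF-16LE encoding, so a malformed or placeholder payload such as `<b64>` is rejected rather than matched.

```python
import base64
from dataclasses import dataclass, field

# Assumed allowlist of CDN / vendor registered domains (a real SOC curates this list).
KNOWN_CDN_DOMAINS = {"akamaihd.net", "cloudfront.net", "windowsupdate.com", "office.com"}


@dataclass
class ProcessEvent:  # assumed EDR process-creation schema
    pid: int
    image: str
    parent_image: str
    cmdline: str


@dataclass
class NetworkEvent:  # assumed EDR network-connection schema
    pid: int
    dest_host: str
    dest_port: int


@dataclass
class Finding:
    pid: int
    decoded_command: str
    destinations: list = field(default_factory=list)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def registered_domain(host: str) -> str:
    """Crude registered-domain extraction (last two labels); enough for the allowlist check."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else parts[0]


def decode_encoded_command(cmdline: str):
    """Decode the -EncodedCommand argument (base64 of UTF-16LE text); None if absent or invalid."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok.lower() in ("-encodedcommand", "-enc", "-ec", "-e"):
            payload = tokens[i + 1]
            try:
                raw = base64.b64decode(payload + "=" * (-len(payload) % 4), validate=True)
                return raw.decode("utf-16-le")
            except (ValueError, UnicodeDecodeError):
                return None
    return None


def match_ioc_pattern(process_events, network_events):
    """Apply the sanitized pattern: winword.exe -> powershell.exe with ExecutionPolicy Bypass
    and an encoded command, followed by outbound 443 to a non-CDN .com host."""
    conns_by_pid = {}
    for n in network_events:
        conns_by_pid.setdefault(n.pid, []).append(n)

    findings = []
    for p in process_events:
        if basename(p.image) != "powershell.exe" or basename(p.parent_image) != "winword.exe":
            continue
        lowered = p.cmdline.lower()
        if "-executionpolicy bypass" not in lowered and "-ep bypass" not in lowered:
            continue
        decoded = decode_encoded_command(p.cmdline)
        if decoded is None:  # no decodable payload: do not alert on the flag alone
            continue
        dests = [
            c.dest_host for c in conns_by_pid.get(p.pid, [])
            if c.dest_port == 443
            and c.dest_host.lower().endswith(".com")
            and registered_domain(c.dest_host) not in KNOWN_CDN_DOMAINS
        ]
        if dests:
            findings.append(Finding(p.pid, decoded, dests))
    return findings


def sample_events():
    """Constructed sample telemetry (not real data): one suspicious chain, one benign one."""
    encoded = base64.b64encode("Write-Host 'sample'".encode("utf-16-le")).decode()
    procs = [
        ProcessEvent(4242, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                     r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                     f"powershell.exe -ExecutionPolicy Bypass -EncodedCommand {encoded}"),
        ProcessEvent(4300, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                     r"C:\Windows\explorer.exe",
                     r"powershell.exe -NoProfile -File C:\scripts\inventory.ps1"),
    ]
    nets = [
        NetworkEvent(4242, "updates.example-cdn.akamaihd.net", 443),  # allowlisted CDN, ignored
        NetworkEvent(4242, "files.example-uncommon-host.com", 443),   # non-CDN .com on 443
        NetworkEvent(4300, "intranet.example.com", 443),              # benign parent, never scored
    ]
    return procs, nets


def run_sample():
    procs, nets = sample_events()
    return match_ioc_pattern(procs, nets)


if __name__ == "__main__":
    for f in run_sample():
        print(f"pid={f.pid} decoded={f.decoded_command!r} dest={f.destinations}")
```

Requiring all four conditions together is what keeps this out of the "noise" category the article complains about: Office spawning PowerShell alone fires constantly in environments with macro-heavy line-of-business tooling, and outbound 443 to an unfamiliar .com is the normal state of a workstation. The allowlist and the domain extraction are the two places a production rule needs real data behind them.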