Blog

There are three primary vectors that an attacker can use to compromise a network — the hardware, the software, and the user. But whatever vector the attacker is using, the key is identifying and stopping the attack quickly and effectively.

This is a large rule update that is long overdue. This rule update improves the detection, accuracy and performance of Sagan.

Quadrant Information Security now offers “DNS over TLS” and “DNS over HTTPS” to the general public. Why is this important?

Jack Crook uses Splunk and, recently, the ELK stack for threat “hunting”. At Quadrant, we also use Elasticsearch in ways similar to those Jack describes in his blog, but I wanted to take this opportunity to see if I could mimic his work with Sagan!

Quadrant Information Security announces the next release of their Sagan Technology, which will include a new Malware Detonation component.

To address these two issues, we made Sagan use “memory mapped” files, which allow Sagan to “remember” data between system reboots and process restarts. This also allowed for “Inter-Process Communications” (IPC) between Sagan processes.
