Long-term Search Cover Piergiorgio Venuti

Long-term search: what’s new in the SOCaaS service

Ransomware commonly comes up with an email that tricks users into trusting a malicious file. Many of the most recent data breaches have been completed because a user has been the victim of such an attack in the previous period. Threats such as ransomware, which focus on user compromise, are causing more and more companies to adopt user and entity behavior analysis (UEBA) in their security operations center (SOC). The new functions of the SOC service, including long-term search, are oriented towards the increasing offer of additional tools for the optimal management of corporate security.

We continue to innovate our platform to increase the power of SOC in fighting ransomware and other threats. In our latest release, we have added even more machine-learning and context-aware detection capabilities that enable security analysts to tackle the most sophisticated attacks. Furthermore, the latest updates bring an ever greater ease of use for security architects.

Long-term search - SOCaaS news

Long-term search for the security analyst

The service introduces a number of innovations to reduce detection and response times for security analysts and threat seekers.

Improved detection of sophisticated threats

Long-term search helps analysts discover hidden threats by providing a search capability on archived data. The search is scalable and does not affect SIEM performance.
Analytics Sandbox helps break down false positives by providing an online QA environment to test and validate use cases.
– Persona-based threat chains detect advanced threats more accurately, including the dynamic relationship between users, hosts, IP addresses, and email addresses. Analysts benefit from greater visibility into the progression of an attack. This feature combines suspicious activity from a single user into a single priority alert, instead of separate and unrelated alerts.
Relative Rarity offers analysts a broader context on how rare an event is compared to all other events in their environment.
Viewing security alerts using the MITER ATT&CK Threat Framework helps analysts prioritize risk and reduce response times.

Reduction of response times

Improved case management allows for better management, sharing and investigation of alarms, allowing operators to respond more quickly.
New EDR integrations improve incident response by providing additional endpoint data from CarbonBlack Defense, Tanium, Symantec DLP and others.
Better search views improve the analyst experience by reducing detection and response times. They help analysts easily identify compromised accounts, data exfiltration, and associated hotspots.

Why long-term search is so important

With a global dwell time of around 60 days on average, threat hunting continues to be an important part of cybersecurity resilience. However, searching through the data history usually takes a long time.

Many vendors are unable to dynamically scale a quick search through archived data without significant effort. The latest features of our SOCaaS provide this possibility for threat hunters with long-term search on an almost unlimited scale. With long-term research, organizations can reduce the time it takes to investigate and find threats that are already in their environment.

Analysts need to continually query the data to see if there are new threats. For example, an analyst might learn from a trusted source that their industry has been targeted. At this point we need to investigate a new indicator of compromise that has just been discovered to verify if an attacker is already inside.

Through long-term search, SOD’s native SOCaaS SIEM allows threat hunters to be proactive, making historical data research fast and convenient.

Conclusions

By introducing new technologies into our SOC service, we are offering more and more security for our customers.

We take care of your data by verifying not only that it is not safe now, but also that it has not been breached in the past. In case we suspect a new threat, we know how to spot it.

If you have any questions, contact us, we will be happy to answer all your questions.

Useful links:

Share


RSS

More Articles…

Categories …

Tags

RSS Unknown Feed

RSS Full Disclosure

  • OpenBSD mpls_do_error: Remote Kernel Stack Disclosure via MPLS Label Stack Over-read June 21, 2026
    Posted by shj on Jun 20------------------------------------------------------------------------ OpenBSD mpls_do_error: Remote Kernel Stack Disclosure via MPLS Label Stack Over-read ------------------------------------------------------------------------ Affected:  OpenBSD -current prior to 2026-06-18 (fixed in -current) Vendor:    OpenBSD Severity:  Medium Reporter:  Argus Systems Date:      2026-06-12 CVE:       CVE-2026-56099 1. SUMMARY ========== The...
  • OpenBSD sppp_pap_input: PAP authentication bypass June 21, 2026
    Posted by shj on Jun 20------------------------------------------------------------------------ OpenBSD sppp_pap_input: PAP Authentication Bypass via Zero-Length bcmp ------------------------------------------------------------------------ Affected:  OpenBSD all versions through 7.6 (fixed in -current) Vendor:    OpenBSD Severity:  High Reporter:  Argus Date:      2026-06-16 1. SUMMARY ========== The sppp_pap_input() function in sys/net/if_spppsubr.c uses...
  • SEC Consult SA-20260618-0 :: Hardcoded Root Cloud Credentials in Application Binaries in Silver Leaf Technologies - Worksnaps.net Worksnaps June 21, 2026
    Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 20SEC Consult Vulnerability Lab Security Advisory < 20260618-0 > ======================================================================= title: Hardcoded Root Cloud Credentials in Application Binaries product: Silver Leaf Technologies - Worksnaps.net Worksnaps vulnerable version:
  • SEC Consult SA-20260617-1 :: Multiple Vulnerabilities in Quanos Content Solutions - SCHEMA ST4 June 21, 2026
    Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 20SEC Consult Vulnerability Lab Security Advisory < 20260617-1 > ======================================================================= title: Multiple Vulnerabilities             product: Quanos Content Solutions - SCHEMA ST4  vulnerable version: All versions of SCHEMA ST4 on-premises     fixed version: Not applicable, see workaround section for mitigation. […]
  • SEC Consult SA-20260617-0 :: Multiple Critical Vulnerabilities in Sprecher Automation SPRECON-E-C/-E-P/-E-T3 June 21, 2026
    Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 20SEC Consult Vulnerability Lab Security Advisory < 20260617-0 > ======================================================================= title: Multiple Critical Vulnerabilities product: Sprecher Automation SPRECON-E-C/-E-P/-E-T3  vulnerable version: See vulnerable versions below fixed version: See solution section below          CVE number: CVE-2022-4333, CVE-2022-4332, CVE-2025-41741,        ...
  • SEC Consult SA-20260616-0 :: Broken Access Control in syracom AG Secure Login (2FA) for Atlassian Jira / Confluence / Bitbucket #CVE-2026-12225 June 21, 2026
    Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 20SEC Consult Vulnerability Lab Security Advisory < 20260616-0 > ======================================================================= title: Broken Access Control             product: syracom AG Secure Login (2FA) for Atlassian Jira / Confluence / Bitbucket  vulnerable version: 3.4.0.x       fixed version: 3.5.0.0 CVE number: CVE-2026-12225 […]
  • APPLE-SA-06-16-2026-1 Beats Firmware Update 1B211 June 21, 2026
    Posted by Apple Product Security via Fulldisclosure on Jun 20APPLE-SA-06-16-2026-1 Beats Firmware Update 1B211 Beats Firmware Update 1B211 addresses the following issues. Information about the security content is also available at https://support.apple.com/en-us/127557. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Bluetooth Available for: Beats Studio Buds Impact: […]
  • PHP 8.5.7 `levenshtein()` signed-integer overflow June 21, 2026
    Posted by Khashayar Fereidani on Jun 20# PHP 8.5.7 `levenshtein()` signed-integer overflow **Author:** Khashayar Fereidani **Disclosure Date:** 2026-06-18 **Advisory:** https://fereidani.com/php-857-levenshtein-signed-integer-overflow **Contact:** https://fereidani.com/contact ## Description The `levenshtein()` function calculates the Levenshtein distance between two strings, optionally accepting custom costs for insertion, replacement, and deletion operations. In PHP 8.5.7, the...
  • PHP 8.5.7 `dom_xml_serialization_algorithm()` stack-overflow June 21, 2026
    Posted by Khashayar Fereidani on Jun 20# PHP 8.5.7 `dom_xml_serialization_algorithm()` stack-overflow **Author:** Khashayar Fereidani **Disclosure Date:** 2026-06-18 **Advisory:** https://fereidani.com/php-857-domxmlserializationalgorithm-stack-overflow **Contact:** https://fereidani.com/contact ## Description The `dom_xml_serialization_algorithm()` and `dom_xml_serialize_element_node()` functions in `ext/dom/xml_serializer.c` rely on unbounded recursion to serialize XML nodes....
  • PHP 8.5.7 `mb_substr()` 'SJIS-mac' size_t underflow June 21, 2026
    Posted by Khashayar Fereidani on Jun 20# PHP 8.5.7 `mb_substr()` &apos;SJIS-mac&apos; size_t underflow **Author:** Khashayar Fereidani **Disclosure Date:** 2026-06-18 **Advisory:** https://fereidani.com/php-857-mbsubstr-sjis-mac-sizet-underflow **Contact:** https://fereidani.com/contact ## Description The `mb_get_substr()` function in `ext/mbstring/mbstring.c` deliberately skips an early empty return guard for the `SJIS-mac` encoding when `from >= in_len`. As a result, it falls...

Customers