Thoughts From The Nest

Blog, updates, and release notes

Release Notes

June 2, 2017


New: Public Backtest API
  • Manage API tokens and credentials in Perch
  • Get a token, backtest observables, profit!
New (Soon): Additional suppression scopes
  • Global: the Perch SOC will be able to suppress false positives for every group in a single action; we’ll be able to clean up the noisy, false-positive intel more quickly so that the gems with real value can shine through.
  • Community: community leaders will be able to groom their own intel from within Perch; a community that preens together, stays together, right?
  • Individual Host: have a single host that you know triggers a false positive, but you don’t want to completely ignore the indicator for other hosts? Now you can suppress an event for just one of them.
New: Sensor Health Summary
  • Consolidated view of all of your group’s sensors and their health
  • Warnings for low resources and abnormal conditions:
    • Old rules and low rule counts
    • Sensor not uploading data
  • Found in the Admin menu under Sensor Summary
New: Emerging Threats (and Emerging Threats Pro) selectable feeds
New: Unmonitored network filtering at the sensor
  • Perch takes the list of unmonitored network subnets for your group and sends it to the sensor so that it knows to ignore those networks in its detections.
  • Results in less work for the sensor, allowing us to do more with the hardware; less data sent to Perch, less outgoing network traffic for you, and less to process and store for us! It’s a genuine win-win paradigm-shifting value add, look at all this synergy! Give Canute and Chris a raise, this is amazing!
New: Alert filtering now considers subnet names
New (Soon): Restart tours: watch them again and again with your friends and family!
New: Touch-ups and polish here and there; a retry button was added to the end of the signup process for when there is an error registering.
Bugfix: The user group page no longer shows all of the groups from all of your communities, but only those you are actually a member of.
Note: Perch reaches its 1000th build and Perchy has his first birthday!

Just like always, Perch detected indicators for the infamous Grizzly Steppe minutes after DHS released them. Read about how we were able to defuse any panic or confusion for our users before “the Russians are coming” even hit the news that day. Check out the full article here.



Over the last 6 years, I have been entrenched in Cyber Security: packet capture, network forensics, identity and access management, threat intelligence. During my nPulse Technologies days (acquired by FireEye), I relearned all the network packet stuff that I had been taught in college. The OSI network layers, VLANs, Q-in-Q… oh boy! Reassembling packets (with Python no less) was a REALLY fun exercise… never made it into the product, since there were open source tools that did it better (faster?



Information Security: It doesn’t have to be so expensive (or complicated!)

The Bad News: For Small/Medium Businesses (SMBs), you can’t approach information security the same way your bigger brothers do. Face it, Capital One has a much larger information security (infosec) budget than the Downtown Credit Union in Powhatan, VA. Small companies don’t have the same staffing models, technology expertise or highly specialized analysts that focus solely on protecting data. Sure, there are free and open source tools, for example, but they still require expertise and time to get them up and running, not to mention tuned, maintained, updated, etc.!
