Research
AI Artifacts: A New Layer of Endpoint Activity to Hunt
AI assistants and coding tools introduce a new layer of endpoint activity. These tools operate with a high degree of access: they read local files, execute commands, persist prompts and context, and communicate with external APIs. In many environments, this creates a blind spot where AI-assisted activity can occur with little to no detection coverage.
coreSigma: Developing an Endpoint Security Framework Pipeline
The need for standardized macOS detection capabilities is clear. Based on the response to introducing coreSigma, we wanted to make it even easier for the community to gain additional macOS observability and implement their own macOS detections in their environment. That’s why we’ve made coreSigma publicly available in the Nebulock GitHub repository.
coreSigma: Expanding Sigma Detection for macOS
coreSigma, a macOS endpoint telemetry collection, detection, and analysis app built with the primary goal of extending Sigma's capabilities for macOS ESF and UL logs. Learn how coreSigma expands visibility and ways take a more proactive approach to macOS threat detection and response.
Find hidden threats between the layers
Beacuse breaches happen in silence