
Blog

How to enable the Elastic Defend system extension in macOS Sequoia

Are you having trouble enabling Elastic system extension in macOS Sequoia? This guide helps you navigate the changes and enable the extension!


June 24, 2025

Ag-tech Cybersecurity Partner for Darling Downs

Threatbear provides expert cybersecurity advice and technology to the agricultural industry in Toowoomba, Dalby and the Darling Downs.


May 6, 2025

Network defence using RouterOS (Part 1)

When looking for threats, sometimes you know exactly what you’re looking for. Sometimes (actually, often) you only have a general direction in which you wish to conduct your hunt. RouterOS has an operator for a fuzzy search (~) and an operator for an exact match (=). This is extremely useful in situations where you only have a single clue to go on. If you’re anything like me, once you have a single “high signal” indicator, that is all the motivation you need to continue the search, no matter how arduous.


May 26, 2024

Quick and dirty RouterOS forensics

How to quickly perform a basic forensic investigation of a MikroTik RouterOS system.


December 14, 2023

RouterOS visibility using Elastic Security

How to send MikroTik RouterOS events to Elasticsearch using the Syslog UDP input.


December 11, 2023

Properly renaming Proxmox nodes

How to rename Proxmox nodes when VMs are already present on the cluster. This post shows how to do it in 5 steps.


October 17, 2022

Using Google Chat for Elastic Security Alerts

How to set up Google Chat to receive security alerts from Elastic Defend.


April 19, 2022

Getting Dockerd to behave with Snap

How to use the Snap version of Docker on Ubuntu without dying of frustration.


April 18, 2022

Increasing signal to noise ratio for Mitel systems

If you’re responsible for defending Mitel systems, specifically the Mitel MiCollab suite running on Mitel’s “Mitel Standard Linux”, you have probably noticed by now that these systems are very noisy from a defender’s point of view. For example: [process-tree screenshot not reproduced in this excerpt]. Yes, this is actually a legitimate process tree on a Mitel MiCollab system. I was investigating an alert that detects suspicious child processes spawned by Java, and this is what I found. With process parent-sibling relationships as long as these being the norm (the full tree is about 20 processes long), it is hard to detect or alert on actual malicious activity.


March 27, 2022

Detecting CVE-2021-41379 using EQL

Detect CVE-2021-41379 being exploited using Elastic EQL rules.


November 23, 2021