Cobalt Strike: Whether It Is a Red Team or an Adversary, Detect It with QRadar

Cobalt Strike and QRadar detection overview

Overview

This post links to my technical contribution published on the IBM Community, focused on detecting Cobalt Strike activity with IBM QRadar.

Cobalt Strike is widely used in legitimate red team operations, but it is also frequently abused by adversaries during intrusion campaigns. The article discusses how security teams can approach detection from a defensive perspective, using SIEM logic, behavioral indicators, and threat intelligence to distinguish suspicious activity from authorized testing.

The contribution reflects a practical detection-engineering perspective: understanding the tool, identifying meaningful telemetry, and translating adversary behavior into actionable monitoring logic.

Publication

Read the article on IBM Community

The article remains part of my early technical work on threat detection, adversary emulation, and CTI-driven monitoring with enterprise SIEM platforms.

This post is licensed under CC BY 4.0 by the author.