How do you analyze iOS malware?

Compared to Windows or Android, iOS malware rarely comes up in my work, but I still want to be prepared for it. I've never really worked with iOS samples before, so I'd really appreciate any advice.
If iOS samples land in your investigation queue, how do you analyze them quickly?
Does anyone actually process iOS samples on a regular basis in your SOC?

reddit.com
u/minfrihet — 7 days ago
▲ 26 r/ciso

What’s the most frustrating part of being a CISO?

Okay guys, I’m tired of seeing security budgets get cut. After an incident everyone suddenly understands the value of cybersecurity. A few months later the conversations about reducing spending start again. Meanwhile, expectations keep growing, and headcount stays the same.

What has been bugging you lately?

reddit.com
u/minfrihet — 12 days ago

Looking for honest opinions on Cortex XSOAR War Room

I’m SOC team lead and I’d like to learn best practices for using the War Room during investigations.
There’s plenty of material showing analyst automation and collaboration through the War Room, but I’d like to understand how it works in real environments.

Do you actually get most of the information you need in a single interface, or do you still switch between the SIEM, TIP or EDR? Are comments and investigation notes really useful or do they become clutter over time?
Any thoughts or feedback would be helpful, whether positive or negative

reddit.com
u/minfrihet — 26 days ago

Looking for honest opinions on Cortex XSOAR War Room

I’m SOC team lead and I’d like to learn best practices for using the War Room during investigations.
There’s plenty of material showing analyst automation and collaboration through the War Room, but I’d like to understand how it works in real environments.

Do you actually get most of the information you need in a single interface, or do you still switch between the SIEM, TIP or EDR? Are comments and investigation notes really useful or do they become clutter over time?
Any thoughts or feedback would be helpful, whether positive or negative

reddit.com
u/minfrihet — 26 days ago

Does anyone use rule feeds in 2026?

We’re considering investing in a few paid rule feeds to save time on building and maintaining detections from scratch, but I’m not sure whether they provide enough value. There are so many public sources available now: threat reports, blogs, GitHub repositories, and detection content from all kinds of vendors and researchers.

If you’ve invested in paid rule feeds, could you share your experience? Which types of rules have delivered the most value for your team?

I’ll be grateful for any help!

reddit.com
u/minfrihet — 27 days ago

Does anyone use rule feeds in 2026?

We’re considering investing in a few paid rule feeds to save time on building and maintaining detections from scratch, but I’m not sure whether they provide enough value. There are so many public sources available now: threat reports, blogs, GitHub repositories, and detection content from all kinds of vendors and researchers.

If you’ve invested in paid rule feeds, could you share your experience? Which types of rules have delivered the most value for your team?

reddit.com
u/minfrihet — 1 month ago