Log Management: Basics
Introduction to Log Management Logs are a record of events within a system. These records provide a detailed account of what a system has been doing, capturing a wide range…
NIST – IDENTIFY: Categories and Subcategories
Asset Management (ID.AM): The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives…
Posted inNIST
NIST Cybersecurity Framework v1.1: Fundamentals
NIST Functions Identify – Understand what you have and includes activities such as asset management, governance, risk assessment. Protect – Build safeguards and controls to protect what is important to…
Incident Handling Life Cycle
NIST - Security Incident Handling 1. Preparation The preparation phase covers the readiness of an organization against an attack. That means documenting the requirements, defining the policies, incorporating the security…
Posted inBash Scripting
Bash Scripting
Bourne Again Shell The main difference between scripting and programming languages is that we don't need to compile the code to execute the scripting language, as opposed to programming languages.…
Posted inInvestigating with Splunk Splunk Splunk Basics
Splunk: SPL Cheat Sheet for SOC Analysts
Splunk Cheat Sheet Query to identify failed login attempts: #Query to identify failed login attempts: sourcetype=auth* "authentication failure" | stats count by user | sort -count Query to identify privilege…
Posted inSplunk
Splunk Fundamentals
Splunk Components Splunk Forwarder Splunk Forwarder is a lightweight agent installed on the endpoint intended to be monitored, and its main task is to collect the data and send it to…
Risk Assessment Methodologies
Risk Management Frameworks There are several frameworks for risk assessment. Example methodologies are: NIST SP 800-30: A risk assessment methodology developed by the National Institute of Standards and Technology (NIST).…
Posted inBLUE TEAM Risk Management
Risk Management – Terminology
Risk Avoidance Risk Acceptance Risk Reduction Basic Terminology Threat: an intentional or accidental event that can compromise the security of an information system. Examples include hacking, phishing attacks, human error,…