Bharath Narayanasamy is the principal cybersecurity consultant at TekGenX, specializing in offensive security, detection engineering, incident response, and GRC. Certified in CySA+, eJPTv2, Security+, CCNA, CCSA, and ISO 27001 Lead Implementer & Lead Auditor, he delivers end-to-end security solutions that transform complex requirements into measurable, resilient outcomes.
Snort Rules Each rule should have a type of action, protocol, source and destination IP, source and destination port and an option. Remember, Snort is in passive mode by default.…
SNORT in IDS/IPS mode IDS/IPS mode with parameter "-A" There are several alert modes available in Snort: console: Provides fast-style alerts on the console screen. cmg: Provides basic header details with payload…
Intrusion Detection System (IDS) IDS is a passive monitoring solution for detecting possible malicious activities/patterns, abnormal incidents, and policy violations. It is responsible for generating alerts for each suspicious event. There…
Splunk Search Processing Language comprises multiple functions, operators and commands that are used together to form a simple to complex search and get the desired results from the ingested…
Shipping OPNsense firewall logs to Splunk centralizes log management, allowing for seamless consolidation with other network and system logs. This integration enhances visibility into network traffic, enabling the identification of…
Wazuh Integration with VirusTotal Overview Wazuh integrates with VirusTotal to detect malicious files via the File Integrity Monitoring (FIM) module. This allows inspection of monitored files for potential threats. About…
Adversary emulation with Caldera and Wazuh Please visit here to read PART I of this series, which explains the Caldera setup and Windows agent installation. Agent setup Deploy Agents on…
CALDERA™ is an open-source framework designed to run autonomous adversary emulation exercises efficiently. It enables users to emulate real-world attack scenarios and assess the effectiveness of their security defences. In addition,…
Link to the TryHackMe Room: https://tryhackme.com/r/room/servidae Room Objectives: Get familiar with the Elastic (ELK) Stack and its components. Understand the significance of log data analysis in detecting and investigating security…
Threat Detection Engineering (TDE) involves designing, implementing, and refining security measures to identify and respond to threats. Here are some key topics and domains covered under TDE: Threat Intelligence: Gathering,…