Endpoint Detection and Response (EDR) : Lima Charlie (Part 01)

This entry is part 1 of 1 in the series Endpoint Detection and Response (EDR)

Views: 24Introduction to Endpoint Detection and Response (EDR) Endpoint Detection and Response (EDR) is a cybersecurity solution designed to detect, investigate, and respond to threats at the endpoint level. Endpoints include devices like laptops, desktops, servers, and mobile devices that connect to an organization’s network. These are often the primary targets for attackers, making them … Read more

SNORT 101 (Part 03)

This entry is part 13 of 4 in the series Instrusion Detection and Prevention

Views: 39Snort Rules Each rule should have a type of action, protocol, source and destination IP, source and destination port and an option. Remember, Snort is in passive mode by default. So most of the time, we will use Snort as an IDS. We will need to start “inline mode” to turn on IPS mode.  The Snort rule structure … Read more

SNORT 101 (Part 02)

This entry is part 14 of 4 in the series Instrusion Detection and Prevention

Views: 6SNORT in IDS/IPS mode IDS/IPS mode with parameter “-A” There are several alert modes available in snort; Only the “console” and “cmg” parameters provide alert information in the console. It is impossible to identify the difference between the rest of the alert modes via terminal. Differences can be identified by looking at generated logs.  IDS/IPS mode with parameter “-A console” … Read more

 Ship OPNSense Firewall Logs To Splunk SIEM

Views: 189Shipping OPNsense firewall logs to Splunk centralizes log management, allowing for seamless consolidation with other network and system logs. This integration enhances visibility into network traffic, enabling the identification of threats like port scans, malware communication, or brute force attacks. By correlating OPNsense logs with logs from other sources, organizations can perform faster root … Read more

(TryHackMe) Servidae: Log Analysis in ELK

This entry is part 1 of 4 in the series TryHackMe

Views: 821Link to the TryHackMe Room; https://tryhackme.com/r/room/servidae Room Objectives: In this room, we will analyze the log data from a compromised workstation using the Kibana interface. Within this room’s tasks, we will explore the components of the Elastic (ELK) Stack and gain insights into the various search and filter functions available in Kibana. Our ultimate … Read more

Threat Detection Engineering

TD_003
This entry is part 18 of 25 in the series Threat Detection Engineering

Views: 20Threat Detection Engineering (TDE) involves designing, implementing, and refining security measures to identify and respond to threats. Here are some key topics and domains covered under TDE: These areas are essential in building a robust threat detection engineering program that keeps up with evolving threats.

Log Analysis: Basics

This entry is part 17 of 25 in the series Threat Detection Engineering

Views: 80Understanding Logs in Infrastructure Systems Logs and Their Role Log Analysis What Are Logs? Definition Log Entry Components Sample Log Analysis Importance of Logs 1. System Troubleshooting 2. Cybersecurity Incident Response 3. Threat Hunting 4. Compliance Types of Logs in Computing Environments Integrative Analysis Data Visualization Data visualization tools, such as Kibana (of the … Read more

Splunk SIEM: Exploring SPL

This entry is part 16 of 25 in the series Threat Detection Engineering

Views: 35Splunk Search & Reporting App Overview The Search & Reporting App is the primary interface on Splunk’s Home page used for searching and analyzing data. This app provides several essential functionalities to enhance the search experience for analysts. Search & Reporting App is the default interface used to search and analyze the data on the Splunk Home … Read more

Threat Intelligence with MISP: Part 1 – Setting up MISP with Docker

This entry is part 15 of 25 in the series Threat Detection Engineering

Views: 968Step-by-Step Guide to Install MISP Using Docker on Ubuntu In this guide, we will walk through the steps to install the MISP (Malware Information Sharing Platform) using Docker on an Ubuntu server. Prerequisites Before we begin, make sure your system meets the following requirements: Step 1: Update Your Server and Install Docker First, ensure … Read more