Wireshark: 802.11 Denial of Service
TShark VS. Wireshark (Terminal vs. GUI) TShark is a purpose-built terminal tool based on Wireshark. TShark shares many of the same features that are included in Wireshark and even shares syntax and options. TShark is perfect for use on machines with little or no desktop environment and can easily pass the capture information it …
Locate tcpdump Install TCPdump Tcpdump Version Validation TCPDump will resolve IPs to hostnames by default. Traffic Captures with Tcpdump Basic Capture Options Switch Command Result D Will display any interfaces available to capture from. i Selects an interface to capture from. ex. -i eth0 n Do not resolve hostnames. nn Do not resolve hostnames …
Use case 1: Failed Logon Attempts (Disabled Users) Use case 2: Failed Logon Attempts (using Admin Accounts) Use case 3: Successful RDP Logon Related To Service Accounts Use case 4: Users Added Or Removed From A Local Group
How To Build SIEM Use Cases Example SIEM Use cases Use case 1: Microsoft Build Engine Started By An Office Application A practical example using the Elastic stack as a SIEM solution to help understand how to map each of the use case points listed above. MSBuild, part of the Microsoft Build Engine, is …