BLUE TEAM
NIST – IDENTIFY: Categories and Subcategories
Asset Management (ID.AM): The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.
NIST Cybersecurity Framework v1.1: Fundamentals
NIST Functions. Framework Core: The Core consists of three parts: Functions, Categories, and Subcategories. The Core includes five high-level functions: Identify, Protect, Detect, Respond, and Recover. These 5 functions are not only applicable to cybersecurity risk management, but also to risk management at large. The next level down is the 23 Categories that are split …
Splunk: SPL Cheat Sheet for SOC Analysts
Splunk Cheat Sheet. Query to identify failed login attempts: Query to identify privilege escalation attempts: Query to identify failed SSH attempts: Query to identify successful SSH attempts: Query to identify unusual network traffic: Query to identify suspicious processes: Query to identify brute force attacks: Query to identify privilege escalation attempts on Windows systems: Query …
Splunk Fundamentals
Splunk Components. Splunk Forwarder: The Splunk Forwarder is a lightweight agent installed on the endpoint intended to be monitored, and its main task is to collect the data and send it to the Splunk instance. Splunk Indexer: The Splunk Indexer plays the main role in processing the data it receives from forwarders. It takes the data, normalizes …
Risk Assessment Methodologies
Risk Management Frameworks. There are several frameworks for risk assessment. Example methodologies are: NIST SP 800-30. Based on NIST SP 800-30, the risk management process entails four steps: Frame Risk
Risk Management – Terminology
Risk Avoidance, Risk Acceptance, Risk Reduction. Basic Terminology. Threat: A threat is a potential harm or danger to an individual, organisation, or system. Threats can be classified into three main categories: human-made, technical, or natural. Human-made threats: These threats are caused by human activities or interventions. Examples include: As can be seen, human-made threats are not limited to …
Suricata rules to detect Web application attacks
Here are some examples of Suricata rules that can be used to detect web application attacks: 1. SQL Injection: 2. Cross-Site Scripting (XSS): 3. Remote File Inclusion (RFI): 4. Local File Inclusion (LFI): 5. Command Injection: 6. Server-Side Request Forgery (SSRF): These are just a few examples, and you can modify or create additional …
DNS Tunneling attacks
DNS tunneling is a technique used by attackers to bypass network security measures and exfiltrate data from a targeted network. It involves encapsulating unauthorized data within DNS (Domain Name System) queries or responses, allowing the attacker to transmit information through DNS channels. Here is a simplified diagram illustrating the DNS tunneling attack: Here’s an …