Security You Can Trust, Expertise You Can Rely On. TekGenX Consulting
NetwerkLABS

Powered By TEKGENX CONSULTING


Threat Detection and Incident Response

Posted in: Threat Hunting, Threat Detection and Incident Response, Understanding Log Sources

Useful Windows Event IDs

Windows System Logs Event ID 1074 (System Shutdown/Restart): This event log indicates when and why the system was shut down or restarted. By monitoring these events, you can determine if there are unexpected shutdowns or restarts, potentially…
Posted by Bharath Narayanasamy. Tags: threat_detection, event-ids

Posted in: Threat Detection and Incident Response, Intrusion Detection and Response

Code Obfuscation and Deobfuscation

Code Obfuscation is a technique used to make a script more difficult to read by humans but allows it to function the same from a technical point of view, though performance may be slower. This is…
Posted by Bharath Narayanasamy. Tags: Code, dfir

Posted in: Threat Detection and Incident Response, Intrusion Detection and Response, DFIR

Incident Response

Incident response, also known as incident handling, is a cyber security function that uses various methodologies, tools and techniques to detect and manage adversarial attacks while minimizing impact, recovery time and total operating costs. Addressing attacks…
Posted by Bharath Narayanasamy. Tags: dfir, IR, Incident

Posted in: SOC Analyst, Threat Detection and Incident Response

MISP (Malware Information Sharing Platform)

MISP
Posted by Bharath Narayanasamy. Tags: MISP

Posted in: Threat Detection and Incident Response

Incident Report Template

Elements of an incident report Source: Hack The Box Incident Report Template
Posted by Bharath Narayanasamy. Tags: IR, Incident_Response

Posted in: SOC Analyst, Threat Detection and Incident Response, DETECT

Windows Event Logs

Understanding Windows Event Logs Each entry in the Windows Event Log is an "Event" and contains the following primary components: Log Name: The name of the event log (e.g., Application, System, Security, etc.). Source: The software…
Posted by Bharath Narayanasamy. Tags: eventlogs, eventid

Posted in: Threat Detection and Incident Response, DETECT, Traffic Analysis

Wireshark 101 | Packet Operations

Wireshark: Packet Operations Statistics | Summary This menu provides multiple statistics options ready to investigate to help users see the big picture in terms of the scope of the traffic, available protocols, endpoints and conversations, and…
Posted by Bharath Narayanasamy. Tags: wireshark

Posted in: SOC Analyst, Threat Detection and Incident Response, DETECT

ELASTIC SIEM: Kibana Query Language (KQL)

Different Syntax Languages Kibana supports two types of syntax languages for querying in Kibana: KQL (Kibana Query Language) and Lucene Query Syntax. Kibana Query Language (KQL) is a user-friendly query language developed by Elastic specifically for Kibana. It provides autocomplete suggestions…
Posted by Bharath Narayanasamy. Tags: wazuh, kibana, KQL

Posted in: Threat Hunting, Threat Detection and Incident Response

Threat Detection: Detecting a Webserver Attack

LAB Setup: Let's use DIWA (Deliberately Insecure Web Application), the vulnerable application created by Tim Steufmehl, to set up the victim machine. Prepare a Linux machine with Docker installed. Follow these instructions to install Docker on…
Posted by Bharath Narayanasamy. Tags: SIEM, Elastic

Posted in: SOC Analyst, Threat Detection and Incident Response, Intrusion Detection and Response

DFIR: Linux File System Analysis

Posted by Bharath Narayanasamy. Tags: linux, incident response, detection, dfir


Copyright 2026 — NetwerkLABS. Powered by TekGenX Consulting. All rights reserved.