Series: Threat Detection Engineering

A practical course on Threat Detection Engineering using Elastic SIEM/EDR

ELASTIC SIEM: Kibana Query Language (KQL) 

by
This entry is part 11 of 21 in the series Threat Detection Engineering

Views: 55Different Syntax Languages Kibana supports two types of syntax languages for querying in Kibana: KQL (Kibana Query Language) and Lucene Query Syntax. Special Characters Certain characters are reserved in ELK queries and must be escaped before usage. Reserved characters in ELK include +, -, =, &&, ||, &, | and !. For instance, using the + character in a query will result in an error; to escape this character, precede it with … Read more

Yara

by
This entry is part 15 of 21 in the series Threat Detection Engineering

Views: 31“The pattern matching swiss knife for malware researchers (and everyone else)”  Useful Yara Resources Various Github repositories provide a wealth of examples of YARA, https://github.com/Yara-Rules/rules/tree/master/malware https://github.com/mikesxrs/Open-Source-YARA-rules/tree/masterUseful Yara Rules Repositories The DFIR Report” shares YARA rules derived from their investigations, https://github.com/The-DFIR-Report/Yara-RulesYara DFIR Report YARA in a nutshell YARA is a tool aimed at (but not limited … Read more

Threat Intelligence with MISP: Part 1 – Setting up MISP with Docker

by
This entry is part 16 of 21 in the series Threat Detection Engineering

Views: 99Step-by-Step Guide to Install MISP Using Docker on Ubuntu In this guide, we will walk through the steps to install the MISP (Malware Information Sharing Platform) using Docker on an Ubuntu server. Prerequisites Before we begin, make sure your system meets the following requirements: Step 1: Update Your Server and Install Docker First, ensure … Read more

Splunk SIEM: Exploring SPL

by
This entry is part 17 of 21 in the series Threat Detection Engineering

Views: 14Splunk Search & Reporting App Overview The Search & Reporting App is the primary interface on Splunk’s Home page used for searching and analyzing data. This app provides several essential functionalities to enhance the search experience for analysts. Search & Reporting App is the default interface used to search and analyze the data on the Splunk Home … Read more

Log Analysis: Basics

by
This entry is part 18 of 21 in the series Threat Detection Engineering

Views: 40Understanding Logs in Infrastructure Systems Logs and Their Role Log Analysis What Are Logs? Definition Log Entry Components Sample Log Analysis Importance of Logs 1. System Troubleshooting 2. Cybersecurity Incident Response 3. Threat Hunting 4. Compliance Types of Logs in Computing Environments Integrative Analysis Data Visualization Data visualization tools, such as Kibana (of the … Read more

Threat Detection Engineering

by
TD_003
This entry is part 19 of 21 in the series Threat Detection Engineering

Views: 10Threat Detection Engineering (TDE) involves designing, implementing, and refining security measures to identify and respond to threats. Here are some key topics and domains covered under TDE: These areas are essential in building a robust threat detection engineering program that keeps up with evolving threats.