SIEM Solutions – Hi, I`m Umair Junaid

Wazuh MSSP Setup

0

January 23, 2022

ElasticSearch Kibana SIEM Implementation

Virtual Machine Details DISTRIB_ID=UbuntuDISTRIB_RELEASE=20.04DISTRIB_CODENAME=focalDISTRIB_DESCRIPTION=”Ubuntu 20.04.2 LTS RAM 4 GB, CPU 2 IP: 192.168.171.130 Download Elastic Search sudo apt-get install apt-transport-https wget -qO – https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo...

0

January 16, 2022

SIEM Solutions / Threat Inelligence

Valuable Threat feeds for SIEM Solutions

Taxii Clients

0

July 19, 2019

SIEM Solutions

CrowdStrike Integration with McAfee ESM SIEM

Custom CrowdStrike AV Event AV Scan Results In A Detection Summary Regex .*\W+dhost=(\S+).duser=(\S+).fname=(\S+)\W+filePath=(.)\W+fileHash=(\S+)\W+dntdom=(\S+).\W+cs1=(.)\W+cs4Label.cs5=(.)\W+cs6Label=.technique=(.)\W+objective=(.)\W+patternDisposition=(.)\W+outcome=(\S+) Original Log from CrowdStrike CEF:0|CrowdStrike|FalconHost|1.0|AV Scan Results In A Detection Summary Event|AV Scan...

0

July 17, 2019

SIEM Solutions

SOC Automated Playbooks for Security Events

https://flexibleir.com Flexible IR Playbooks are process oriented describing what tasks to do. Each task becomes a card on the Kanban boards and can be granularly analysed....

0

July 15, 2019

SIEM Solutions

SOC Manual PlayBook for Malware Infection Example

The Playbook Once the incident is identified, quarantine the affected device and perform the mitigation actions aligned with the organizations’ best practices. In response to an...

0

July 15, 2019

Category: SIEM Solutions

Wazuh MSSP Setup

ElasticSearch Kibana SIEM Implementation

Valuable Threat feeds for SIEM Solutions

CrowdStrike Integration with McAfee ESM SIEM

SOC Automated Playbooks for Security Events

SOC Manual PlayBook for Malware Infection Example

Recent Posts

Recent Comments

Archives

Categories