Category: SIEM Solutions
Everything SOC and SIEM
ElasticSearch Kibana SIEM Implementation
Virtual Machine Details: DISTRIB_ID=Ubuntu DISTRIB_RELEASE=20.04 DISTRIB_CODENAME=focal DISTRIB_DESCRIPTION="Ubuntu 20.04.2 LTS"; RAM 4 GB, CPU 2, IP: 192.168.171.130. Download Elastic Search: sudo apt-get install apt-transport-https; wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo...
CrowdStrike Integration with McAfee ESM SIEM
Custom CrowdStrike AV Event: AV Scan Results In A Detection Summary. Regex: .*\W+dhost=(\S+).duser=(\S+).fname=(\S+)\W+filePath=(.*)\W+fileHash=(\S+)\W+dntdom=(\S+).*\W+cs1=(.*)\W+cs4Label.*cs5=(.*)\W+cs6Label=.*technique=(.*)\W+objective=(.*)\W+patternDisposition=(.*)\W+outcome=(\S+) Original Log from CrowdStrike: CEF:0|CrowdStrike|FalconHost|1.0|AV Scan Results In A Detection Summary Event|AV Scan...
SOC Automated Playbooks for Security Events
https://flexibleir.com Flexible IR Playbooks are process-oriented, describing what tasks to do. Each task becomes a card on the Kanban boards and can be analysed granularly....
SOC Manual PlayBook for Malware Infection Example
The Playbook: Once the incident is identified, quarantine the affected device and perform the mitigation actions aligned with the organization's best practices. In response to an...