
Syspanda

SysOps & Security


Category: logstash

Triton AP-Websense SIEM Logstash Output Configuration

by Pablo Delgado on April 12, 2018

The following configuration will make it easier to parse Syslog messages sent from your Websense appliance to your ELK stack. If you need assistance setting up SIEM integration with Websense… [Continue Reading]

Monitoring Domain Group Membership Changes With ELK

by Pablo Delgado on January 9, 2018 (updated January 12, 2018)

Khoa previously wrote about monitoring AD group membership changes using his PowerShell script, which can be found here. In this article we will be setting up a Logstash filter that… [Continue Reading]
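As an added example (not Khoa's script and not the filter from the article itself), the following Logstash filter tags the Security-log events a domain controller writes when a security-enabled group's membership changes and copies the useful EventData fields to short names. It assumes the events arrive via Winlogbeat 5.x/6.x, whose field names are `source_name`, `event_id` and `event_data.*`; the `ad_*` field and tag names are chosen here and are not from the original post.

```logstash
filter {
  # Only the Security log carries the group-membership audit events.
  if [source_name] == "Microsoft-Windows-Security-Auditing" {

    # 4728 / 4732 / 4756: member added to a security-enabled global / local / universal group
    if [event_id] == 4728 or [event_id] == 4732 or [event_id] == 4756 {
      mutate { add_field => { "ad_group_action" => "member_added" } }
    }
    # 4729 / 4733 / 4757: member removed from the same three group scopes
    else if [event_id] == 4729 or [event_id] == 4733 or [event_id] == 4757 {
      mutate { add_field => { "ad_group_action" => "member_removed" } }
    }

    # Only events classified above reach this block.
    if [ad_group_action] {
      mutate {
        add_tag => [ "ad_group_change" ]
        # In these events TargetUserName is the group, MemberName is the member's
        # distinguished name, and SubjectUserName is the account that made the change.
        # Field names on the left are assumed, not from the original article.
        add_field => {
          "ad_group_name"   => "%{[event_data][TargetUserName]}"
          "ad_group_domain" => "%{[event_data][TargetDomainName]}"
          "ad_member_dn"    => "%{[event_data][MemberName]}"
          "ad_changed_by"   => "%{[event_data][SubjectUserName]}"
        }
      }
    }
  }
}
```

Two things to keep in mind when building a Kibana visualization or alert on `ad_group_change`: the six IDs above cover security-enabled groups only, so distribution-group changes are not tagged, and `MemberName` holds a distinguished name rather than a sAMAccountName, so match on the DN when you correlate it with other logs.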

Collecting and sending Windows Firewall Event logs to ELK

by Pablo Delgado on October 4, 2017 (updated October 5, 2017)

Monitoring the Windows host-based firewall: host-based firewalls are a great way to monitor any strange connections that might be sourcing from your system, or any unexpected internal connections within… [Continue Reading]

Troubleshooting ELK Elasticsearch & Logstash Pt 2 of 2

by Pablo Delgado on October 3, 2017

Troubleshooting Logstash: Logstash is our log parser and shipper; it collects logs and writes them to the Elasticsearch database, creating a daily or weekly index depending on your output configuration… [Continue Reading]

Detecting Outbound connections Pt. 3 – Microsoft IPs & Private IPs

by Pablo Delgado on August 31, 2017 (updated March 27, 2018)

At this point you’re still excited about logging any outbound connections made by your endpoints, especially knowing exactly “what” made those connections (.exe, .dll, .tmp, etc.) because of Sysmon. Now… [Continue Reading]

Detecting Outbound connections Pt. 2 – Logstash + Threat Intelligence

by Pablo Delgado on August 26, 2017 (updated September 3, 2017)

Now that you have been collecting outbound connection logs from Sysmon or your firewalls, the next step is to ask how we enhance that data. Geo-tagging IP addresses,… [Continue Reading]
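The two excerpts above (Pt. 2, enrichment with GeoIP and threat intelligence; Pt. 3, handling Microsoft and private destinations) fit in a single Logstash filter, shown here as an added example that is not the configuration from either article. It assumes Sysmon Event ID 3 (network connection) records shipped by Winlogbeat 5.x/6.x (`source_name`, `event_id`, `event_data.*`), a `cidr` filter plugin recent enough to support `network_path`, and two files you maintain yourself: `/etc/logstash/microsoft_ranges.txt` (one CIDR per line, populated from Microsoft's published address lists) and `/etc/logstash/threat_intel.yml` (a YAML map of IP to feed name). Both paths and all output field names are assumptions for this example.

```logstash
filter {
  # Sysmon Event ID 3 = network connection. Initiated == "true" keeps only
  # connections this host opened; the inbound ones are some other host's outbound.
  if [source_name] == "Microsoft-Windows-Sysmon" and [event_id] == 3 and [event_data][Initiated] == "true" {

    # Pt. 3: tag RFC 1918, loopback and link-local destinations rather than dropping
    # them. Internal connections are exactly what lateral movement looks like, so keep
    # them indexed and filter them out in Kibana instead.
    cidr {
      address => [ "%{[event_data][DestinationIp]}" ]
      network => [ "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                   "127.0.0.0/8", "169.254.0.0/16" ]
      add_tag => [ "dst_private" ]
    }

    # Enrichment only makes sense for public destinations; geoip on a private
    # address would just add a _geoip_lookup_failure tag.
    if "dst_private" not in [tags] {

      # Pt. 3: Microsoft update/telemetry ranges. The path is assumed; the file is
      # one CIDR per line and is refreshed from disk by the plugin.
      cidr {
        address      => [ "%{[event_data][DestinationIp]}" ]
        network_path => "/etc/logstash/microsoft_ranges.txt"
        add_tag      => [ "dst_microsoft" ]
      }

      # Pt. 2: geo-tag the destination under dst_geo (field name assumed).
      geoip {
        source => "[event_data][DestinationIp]"
        target => "dst_geo"
      }

      # Pt. 2: threat-intel lookup. The dictionary maps an IP to the feed that listed
      # it, e.g.  "203.0.113.5": "example-feed"  (constructed entry). No fallback is
      # set on purpose: add_tag then fires only on an actual match.
      translate {
        field            => "[event_data][DestinationIp]"
        destination      => "threat_intel"
        dictionary_path  => "/etc/logstash/threat_intel.yml"
        refresh_interval => 300
        add_tag          => [ "threat_intel_match" ]
      }
    }

    # Short, stable names for the fields every dashboard will use (names assumed).
    mutate {
      add_field => {
        "src_image" => "%{[event_data][Image]}"
        "dst_ip"    => "%{[event_data][DestinationIp]}"
        "dst_port"  => "%{[event_data][DestinationPort]}"
      }
    }
  }
}
```

With this in place a Kibana search such as `tags:threat_intel_match AND NOT tags:dst_microsoft` surfaces the connections worth a second look, and `src_image` tells you which binary made them. If index volume forces you to discard the `dst_private` or `dst_microsoft` events entirely, a `drop { }` inside the matching conditional does it, at the cost of the internal-connection visibility the Windows Firewall and Sysmon articles above are trying to give you.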

Copyright © 2018 Syspanda. All Rights Reserved.