At this point you’re still excited about logging any outbound connections made by your endpoints, especially knowing exactly “what” made those connections (.exe, .dll, .tmp, etc.) because of Sysmon. Now…
Now that you have been collecting outbound connection logs from Sysmon or your firewalls, the next step is to ask ourselves: how do we enhance that data? Geo-tagging IP addresses,…
You can’t control what you can’t see. Do you have a list of approved and trusted applications in your environment? Are you sure? What about those third-party add-ons that…
I’ve been using Sysmon for quite some time now and it has made my life much easier when hunting for unknown processes or looking for outbound connections. My use case…
LAMP Install Automated. I had a small project where I was tasked with installing and configuring several virtual machines with their respective *AMP components (Apache, MariaDB and PHP). After performing…
I’ve been using Sysmon for about 2 years now and it’s one of my favorite Sysinternals tools. My use cases include, but are not limited to, the following: Finding unknown &…
It’s easy to get caught up with shiny and costly “Next-gen” products that will keep your environment secure from 0-day exploits; however, before you spend all of your security budget,…
When I initially deployed Sysmon earlier last year I was amazed by the amount of detail it gathered, as well as the huge amount of logs that my ELK stack…
Now that you are sending all of your logs to your Windows Event Forwarder, it’s time to forward them to Elasticsearch so we can visualize them in Kibana and make…
Now that you have set up a Windows Event Forwarder collector + Sysmon subscriptions, you are ready to collect these logs from your endpoints. We will now create a group…