Elasticsearch > Analytics > Maps … then you can compose your query: event.code: 4625 and agent.name: IfeBamba-WINSERVER. Add Layer > Select Choropleth: use the Add layer options as seen in […]
Understanding RDP: RDP is used for communication between the Terminal Server and the Terminal Server client; it is encapsulated within TCP and uses port 3389. RDP can be exploited through the exposure of […]
The events generated for our Linux agent are seen below; we have a total of 387 events. In creating our dashboards, we will be focusing on the following fields: We click […]
Next, we set up a new Linux SSH server as a test machine for monitoring brute-force attacks: SSH into the server and update your Linux packages: apt-get update && apt-get upgrade […]
Elasticsearch Ingest Data: Ingesting Sysmon and Windows Defender logs into Elasticsearch. Click on Add integrations, search “Windows”, and you get the list below. We click on Custom Windows Event Logs to gather logs […]
Understanding Sysmon: For Windows, logging is enabled by default, but the log information provided is not enough; it does not track important events such as process creation, hence the need […]
We deploy a Windows server as we did our Ubuntu server earlier. The difference is that this one will not be in the VPC network, as defined in our network diagram […]
Installing the Kibana application component: We will install Kibana using the following steps. Reload the systemctl daemon, enable the service, start the service and check the status of the […]
E – Elasticsearch (Store, Search, Analyze): This solution helps you securely take data from any source, in any format, and search, analyze and visualize it in real time. In our case, […]
This challenge is aimed at gaining SOC (Security Operations Centre) analysis skills. I will be exploring different aspects of SOC operations and analysis – setting up the ELK (Elasticsearch, Logstash and […]