Setting up Elastic Defend: this is the EDR (endpoint detection and response) integration, and it generates the endpoint telemetry used below. Kibana: Management > Integrations > Elastic Defend > Add Elastic Defend > Select existing host […]
Investigating a C2: you will look at the following signals – Network telemetry (an active C2 session produces a lot of back-and-forth traffic between the implant and the server) – Heartbeat (You can use a tool […]
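The heartbeat signal above is the easiest one to turn into detection logic: an implant that checks in on a timer produces connections with nearly constant spacing, while a user's browser does not. The block below is an added example, not code from the original post; it assumes connection records shaped like Sysmon Event ID 3 after ingestion (field names `ts`, `image`, `dst_ip`, `dst_port` are an assumption), constructs a small sample set inline, and flags any (process, destination) pair whose inter-connection intervals have a low coefficient of variation. The thresholds are starting points to tune, not values from the post.

```python
"""Beacon (heartbeat) detection over constructed network-connection records.

Added example, not code from the original post. Records are assumed to look
like Sysmon Event ID 3 (network connection) after ingestion; the field names
and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

BASE = datetime(2024, 5, 1, 10, 0, 0)


def _ts(seconds: int) -> str:
    """Constructed timestamp helper: BASE + seconds, as ISO-8601 text."""
    return (BASE + timedelta(seconds=seconds)).isoformat()


# Constructed sample records (not real telemetry). One unsigned binary in a
# temp directory checks in every ~60 s with a second or two of jitter; the
# browser traffic to a different host is irregular.
SAMPLE_EVENTS = (
    [{"ts": _ts(s), "image": r"C:\Users\alice\AppData\Local\Temp\svchost.exe",
      "dst_ip": "203.0.113.10", "dst_port": 443}
     for s in (0, 60, 121, 180, 241, 300, 359, 420)]   # steady ~60 s heartbeat
    + [{"ts": _ts(s), "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
        "dst_ip": "198.51.100.7", "dst_port": 443}
       for s in (5, 12, 90, 91, 200, 400)]              # irregular user browsing
)


def find_beacons(events, min_connections=5, max_cv=0.1):
    """Group connections by (image, dst_ip, dst_port) and flag groups whose
    inter-connection intervals are regular: coefficient of variation
    (stdev / mean) at or below max_cv. Groups with fewer than min_connections
    records are skipped because the statistic is meaningless on 2-3 points."""
    groups = defaultdict(list)
    for ev in events:
        key = (ev["image"], ev["dst_ip"], ev["dst_port"])
        groups[key].append(datetime.fromisoformat(ev["ts"]))

    findings = []
    for (image, dst_ip, dst_port), times in groups.items():
        if len(times) < min_connections:
            continue
        times.sort()
        intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(intervals)
        if avg <= 0:
            continue  # duplicate timestamps only; nothing periodic to measure
        cv = pstdev(intervals) / avg
        if cv <= max_cv:
            findings.append({
                "image": image,
                "dst": (dst_ip, dst_port),
                "connections": len(times),
                "mean_interval_s": round(avg, 2),
                "cv": round(cv, 4),
            })
    return findings


if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_EVENTS):
        print(finding)
```

Real implants add deliberate jitter, so `max_cv` has to be loosened in practice and combined with the other signals (destination reputation, the process making the connection, byte counts per session) rather than used alone; a low CV on its own also matches legitimate pollers such as update checks.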
Elasticsearch Ingest Data: ingesting Sysmon and Windows Defender logs into Elasticsearch. Click on Add integrations, search “Windows”, and from the results click on Custom Windows Event Logs to gather logs […]
Understanding SYSMON: on Windows, logging is enabled by default, but the information it records is not enough; it does not track important events such as process creation (the built-in process-creation audit, Event ID 4688, is off by default), hence the need […]
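To show what process-creation telemetry actually gives you once Sysmon is in place, the block below is an added example (not code from the original post) that parses a constructed Sysmon Event ID 1 record in the standard Windows event XML format and runs two simple checks over it: an Office application spawning a shell, and a PowerShell `-EncodedCommand` argument, which it decodes. The event contents, host name and command line are made up; the process-name lists are assumptions to extend.

```python
"""Parse a Sysmon Event ID 1 (process creation) record and assess it.

Added example, not code from the original post. The sample event is
constructed; only the XML namespace and the Sysmon field names are real.
"""
import base64
import re
import xml.etree.ElementTree as ET

# Namespace used by Windows event XML, including Sysmon records.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed payload: PowerShell's -EncodedCommand takes base64 of UTF-16LE
# text, which is why it is encoded with "utf-16-le" here.
ENCODED = base64.b64encode("IEX (New-Object Net.WebClient)".encode("utf-16-le")).decode()

# Constructed Sysmon Event ID 1 record (not a real capture).
SAMPLE_EVENT_XML = rf"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Sysmon" />
    <EventID>1</EventID>
    <Computer>WKSTN01.example.local</Computer>
  </System>
  <EventData>
    <Data Name="UtcTime">2024-05-01 10:02:11.123</Data>
    <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
    <Data Name="CommandLine">powershell.exe -nop -w hidden -enc {ENCODED}</Data>
    <Data Name="User">EXAMPLE\alice</Data>
    <Data Name="ParentImage">C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE</Data>
    <Data Name="ParentCommandLine">"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" /n invoice.docx</Data>
  </EventData>
</Event>"""

# Assumed watch lists; extend for your environment.
OFFICE_PARENTS = ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")
SHELLS = ("cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe")
# PowerShell accepts any unambiguous prefix of -EncodedCommand; match the common ones.
ENC_RE = re.compile(r"(?:^|\s)-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def parse_sysmon_event(xml_text: str) -> dict:
    """Flatten a Windows event XML record into a dict: EventID, Computer,
    plus one key per <Data Name="..."> element in EventData."""
    root = ET.fromstring(xml_text)
    event = {
        "EventID": int(root.findtext("e:System/e:EventID", namespaces=NS)),
        "Computer": root.findtext("e:System/e:Computer", namespaces=NS),
    }
    for data in root.findall("e:EventData/e:Data", NS):
        event[data.get("Name")] = data.text or ""
    return event


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand payload, or None if absent/invalid."""
    match = ENC_RE.search(cmdline)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None


def assess_process_creation(event: dict) -> list:
    """Run the two checks over a parsed Event ID 1 record; return finding strings."""
    if event.get("EventID") != 1:
        return []
    image = event.get("Image", "").lower().rsplit("\\", 1)[-1]
    parent = event.get("ParentImage", "").lower().rsplit("\\", 1)[-1]
    findings = []
    if parent in OFFICE_PARENTS and image in SHELLS:
        findings.append(f"office_spawns_shell:{parent}->{image}")
    decoded = decode_encoded_command(event.get("CommandLine", ""))
    if decoded is not None:
        findings.append(f"encoded_powershell:{decoded}")
    return findings


if __name__ == "__main__":
    parsed = parse_sysmon_event(SAMPLE_EVENT_XML)
    for finding in assess_process_creation(parsed):
        print(finding)
```

Neither check is possible with default Windows logging: the parent image and full command line come from Sysmon's process-creation event, which is the point of deploying it before building detections in Elastic.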