Open Source SIRP with Elasticsearch and TheHive - Part 5 - ElastAlert
Today we’ll be completing the chain and bridging the gap between Elasticsearch, where our alerts currently sit, and TheHive, where the alerts will become cases for analysis.
Open Source SIRP with Elasticsearch and TheHive - Part 4 - TheHive & Cortex
In today’s episode we’ll be installing some of the final pieces of our pipeline: TheHive and Cortex. Along with TheHive we’ll need to install Elasticsearch from the 5.6 branch, which TheHive requires. Version 4.1 (expected in Q2 2019) will eliminate Elasticsearch as a dependency and instead use GraphDB.
Open Source SIRP with Elasticsearch and TheHive - Part 3 - MISP
Implementing a MISP server will allow Cortex, or any application capable of issuing a simple REST request, to query feeds of threat indicators, most notably IP addresses, URLs, and file hashes. The MISP server lets you control which subset of feeds you subscribe to and query against, but it’s up to you to find the right balance when selecting feeds. The information returned depends on the additional data provided by the feed and varies greatly among feed sources: some feeds are simple block lists, while others provide a wealth of context. Take a look at feed number 1 from CIRCL for an example of the data that can be provided.
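As an added example (not code from the original post or from the MISP project), here is what a client in Cortex’s position does when it asks MISP about an indicator: work out which attribute types to search, issue a `POST /attributes/restSearch`, and flatten the reply so an analyst can see which events, tags and TLP markings the indicator is tied to. The server URL, the auth key and the sample reply are constructed placeholders; the request parameters follow MISP’s REST search API, so check them against your MISP version before relying on them.

```python
"""Look up an indicator in MISP via its REST API and summarise the hits.

Added example, not code from the original post. MISP_URL and MISP_KEY are
placeholders; SAMPLE_RESPONSE is a constructed reply in the documented
restSearch shape, used so the module runs offline.
"""
import json
import re
from ipaddress import ip_address
from urllib.parse import urlparse

MISP_URL = "https://misp.example.internal"   # assumption: your MISP base URL
MISP_KEY = "REPLACE_WITH_MISP_AUTH_KEY"      # assumption: a MISP user's auth key

HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}


def indicator_types(value):
    """Map a raw indicator string to the MISP attribute types worth searching."""
    v = value.strip()
    if len(v) in HASH_TYPES and re.fullmatch(r"[0-9a-fA-F]+", v):
        return [HASH_TYPES[len(v)]]
    try:
        ip_address(v)
        return ["ip-src", "ip-dst"]        # an IP may appear on either side
    except ValueError:
        pass
    if urlparse(v).scheme in ("http", "https"):
        return ["url"]
    if re.fullmatch(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+", v):
        return ["domain", "hostname"]
    raise ValueError(f"unrecognised indicator: {value!r}")


def build_search(value):
    """Build the POST /attributes/restSearch request for one indicator."""
    body = {
        "returnFormat": "json",
        "value": value.strip(),
        "type": indicator_types(value),    # a list is OR'd across types
        "to_ids": 1,                        # only attributes flagged for detection
        "includeEventTags": 1,              # pull event-level tags (e.g. tlp:) too
    }
    headers = {
        "Authorization": MISP_KEY,
        "Accept": "application/json",
        "Content-Type": "application/json",
    }
    return "POST", f"{MISP_URL}/attributes/restSearch", headers, body


def summarise(response_json):
    """Reduce a restSearch reply to one flat record per matching attribute."""
    hits = []
    for attr in response_json.get("response", {}).get("Attribute", []):
        event = attr.get("Event", {})
        tags = {t["name"] for t in attr.get("Tag", [])}
        tags |= {t["name"] for t in event.get("Tag", [])}
        hits.append({
            "event_id": str(attr["event_id"]),
            "event_info": event.get("info", ""),
            "type": attr["type"],
            "to_ids": bool(attr.get("to_ids")),
            "tlp": next((t for t in sorted(tags) if t.startswith("tlp:")), None),
            "tags": sorted(tags),
        })
    return hits


# Constructed sample reply: two attributes for one IP, one carrying an event TLP tag.
SAMPLE_RESPONSE = {
    "response": {
        "Attribute": [
            {
                "id": "101", "event_id": "7", "type": "ip-dst",
                "category": "Network activity", "value": "203.0.113.45", "to_ids": True,
                "Event": {"id": "7", "info": "Emotet C2 infrastructure",
                          "Tag": [{"name": "tlp:amber"}]},
                "Tag": [{"name": "misp-galaxy:malware=\"Emotet\""}],
            },
            {
                "id": "102", "event_id": "12", "type": "ip-src",
                "category": "Network activity", "value": "203.0.113.45", "to_ids": True,
                "Event": {"id": "12", "info": "Scanning seen on honeypot", "Tag": []},
                "Tag": [],
            },
        ]
    }
}

if __name__ == "__main__":
    method, url, headers, body = build_search("203.0.113.45")
    print(method, url)
    print(json.dumps(body, indent=2))
    # Against a live server:  requests.post(url, headers=headers, json=body, timeout=30).json()
    for hit in summarise(SAMPLE_RESPONSE):
        print(hit)
```

Searching both `ip-src` and `ip-dst` matters because a feed may record the same address as a scanner source in one event and a C2 destination in another; the flattened records keep the event info and TLP so the analyst knows how far each hit may be shared.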
Open Source SIRP with Elasticsearch and TheHive - Part 2 - Wazuh
Today we’ll be installing Wazuh Manager on a new server, registering an agent, and integrating Wazuh with Elasticsearch.
Sonoff and Espurna - Powerful Automation Switches
In this post I’ll describe how I take a sub-$5 Wifi-enabled electrical switch, flash it with open-source firmware, and incorporate it into my home automation. This is a cheap way of being able to turn any small electrical device on and off wirelessly.
Open Source SIRP with Elasticsearch and TheHive - Part 1 - Elasticsearch
Updated March 14th to reflect that I’m now installing the second Elasticsearch instance on TheHive VM and not in Docker.
Open Source SIRP with Elasticsearch and TheHive - Overview
The following article summarizes a multi-part series I’m writing on standing up an open source Security Incident Response Platform. This platform allows for log retention and analysis, alert generation, IoC enrichment, and case management.
AD Health & Security Check-up
As the identity and authentication source for most enterprises, Active Directory is the backbone of both local and federated authentication. With the prevalence of cloud computing, organizations depend more and more on federated authentication and are extending their Active Directory into the cloud.
Cloud Backup with RClone and Backblaze B2
User Rights Assignment Definitions
This is a list of all the User Rights Assignments available in a Windows environment, along with a brief description and the default values for each. The definitions are taken from the Microsoft documentation.