Here’s a way to deploy Sysmon to all of your domain endpoints using Group Policy. Step 1: Create Sysmon install batch file. First create a batch file that will be placed…
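The kind of startup script the post describes, as an added example that is not the post's own batch file: it is meant to run as a GPO computer startup script (so under SYSTEM), installs Sysmon only when the service is absent, and otherwise just refreshes the configuration so the driver is not reinstalled on every boot. The share path `\\dc01\netlogon\Sysmon`, the file names `Sysmon64.exe` and `sysmonconfig.xml`, and the `Sysmon64` service name for the 64-bit build are assumptions for the example.

```batch
@echo off
REM Added example, not the post's own script: idempotent Sysmon deployment
REM for use as a Group Policy computer startup script (runs as SYSTEM).
REM Assumed (not from the post): share \\dc01\netlogon\Sysmon holding
REM Sysmon64.exe and sysmonconfig.xml, and the 64-bit service name Sysmon64.
set "SHARE=\\dc01\netlogon\Sysmon"
set "SYSMON=%SHARE%\Sysmon64.exe"
set "CONFIG=%SHARE%\sysmonconfig.xml"

REM Bail out cleanly if the share is unreachable at boot (e.g. laptop off-network)
REM instead of erroring in the startup-script log every time.
if not exist "%SYSMON%" exit /b 0
if not exist "%CONFIG%" exit /b 0

REM Sysmon already installed: only push the current configuration.
REM "sc query" returns a non-zero errorlevel when the service does not exist.
sc query Sysmon64 >nul 2>&1
if %ERRORLEVEL% EQU 0 (
    "%SYSMON%" -c "%CONFIG%"
    exit /b %ERRORLEVEL%
)

REM Fresh install: -accepteula suppresses the EULA prompt under SYSTEM,
REM -i installs the service and driver with the given configuration.
"%SYSMON%" -accepteula -i "%CONFIG%"
exit /b %ERRORLEVEL%
```

Two things to check before linking this to a GPO: the share must be readable by the computer accounts (Domain Computers), because a startup script runs as the machine, not a user; and `sysmonconfig.xml` must be writable only by administrators, since whoever can edit that file decides what Sysmon does and does not log on every endpoint.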
Month: February 2017
Incorporating Virustotal Data to Elasticsearch
Now that we’re collecting logs from various sources including Sysmon, we have access to file hash information. A while back I came across this SANS article on incorporating Virustotal to…
Setting up Elasticsearch 5.x – Monitoring and Visualizing Logs with Kibana Part 3/3
At this point you have set up the Elasticsearch stack along with a Windows host from which you are collecting logs using Winlogbeat. Now it’s time to start visualizing and searching…
Setting up Elasticsearch 5.x – Sending Windows Logs using WinLogbeat 5.x Part 2/3
Now that you have your Elasticsearch stack set up on multiple servers or a single server, it’s time to start sending some data over. Prerequisites: Winlogbeat – Download here (64-bit) Windows…
Setting up Elasticsearch 5.x (Single VM) on CentOS 7 Minimal Part 1/3
In this series we will go ahead and set up Elasticsearch 5 to collect Windows logs. The point of this tutorial is to set up a test environment for Elasticsearch on a…
Setting up Elasticsearch 5.x (Distributed) on CentOS 7 Minimal Part 1/3
In this series we will go ahead and set up Elasticsearch 5 to collect Windows logs. The point of this tutorial is to have a truly distributed test Elasticsearch cluster environment which…