It’s easy to get caught up with shiny and costly “Next-gen” products that will keep your environment secure from 0-day exploits; however, before you spend all of your Security budget,…
Month: March 2017
Advanced Sysmon filtering using Logstash
When I initially deployed Sysmon earlier last year I was amazed by the amount of detail it gathered, as well as the huge volume of logs that my ELK stack…
Sending Windows Event Forwarder Server (WEF) Logs to Elasticsearch (Winlogbeat)
Now that you are sending all of your logs to your Windows Event Forwarder, it’s time to forward them to Elasticsearch so we can visualize them in Kibana and make…
Setting up Windows Event Forwarder Server (WEF) (Domain) – GPO Deployment Part 3/3
Now that you have set up a Windows Event Forwarder collector and Sysmon subscriptions, you are ready to collect these logs from your endpoints. We will now create a group…
Setting up Windows Event Forwarder Server (WEF) (Domain) – Sysmon Part 2/3
This is part 2, in which we will be setting up Sysmon on our WEF server. As you saw in the previous article, there is no option for a Sysmon subscription…
Setting up Windows Event Forwarder Server (WEF) (Domain) Part 1/3
This will be a 3-part series in which we will set up a Windows Event Forwarder server that will collect event logs from domain-joined Windows workstations based on subscriptions that…