At this point you’re still excited about logging any outbound connections made by your endpoints, especially knowing exactly “what” made those connections (.exe, .dll, .tmp, etc.) thanks to Sysmon. Now…
Month: August 2017
Detecting Outbound connections Pt. 2 – Logstash + Threat Intelligence
Now that you have been collecting outbound connection logs from Sysmon or your firewalls, the next step is to ask: how do we enrich that data? Geo-tagging IP addresses,…
Critical Control # 2: Inventory of Authorized and Unauthorized Software
You can’t control what you can’t see. Do you have a list of approved and trusted applications in your environment? Are you sure? What about those third-party add-ons that…