You’re probably reading this article because you understand how important Sysmon is to your environment. Without Sysmon, it’s difficult to log most endpoint actions unless you have advanced auditing turned…
Month: October 2017
Logstash Master Script for ELK Health monitoring
The following is a master script that was created to check on the health of Logstash and Elasticsearch nodes. This is helpful if you don’t have X-Pack set up in your…
Threat Hunting with Sysmon: Word Document with Macro
As I’ve stated before, Sysmon is a great tool for gaining insight into what’s running on our systems and what changes are occurring on our endpoints. With that being said,…
Collecting and sending Windows Firewall Event logs to ELK
Monitoring Windows Host-based firewall: Host-based firewalls are a great way to monitor any strange connections that might be sourcing from your system, or any unexpected internal connections within…
Stop, Start, Restart Windows Services – PowerShell Script
Copy and save the below script as MaintainService.ps1. Open PowerShell and navigate to the path where the script is saved. Simply type part of the script name and then press…
Check Windows Service Status – PowerShell Script
Copy and save the below script as CheckMyService.ps1. Open PowerShell and navigate to the path where the script is saved. Simply type part of the script name and then press…
Troubleshooting ELK Elasticsearch & Logstash Pt 2 of 2
Troubleshooting Logstash: Logstash is our log parser and shipper that gets logs and writes them to the Elasticsearch database, which creates a daily or weekly index depending on your configuration…
Troubleshooting ELK Elasticsearch & Logstash Pt 1 of 2
How to Troubleshoot Elasticsearch: You might find yourself attempting to view Elasticsearch logs through Kibana and realize that you have not been receiving logs for quite some time. Unfortunately, Elasticsearch…