There’s been plenty of instances where I have to go through an investigation after a user has clicked on a phishing email and find out what happened later. After performing… [Continue Reading]
Month: May 2018
Monitoring Active Directory with ELK
Can you tell me where this account is getting locked out from? is a frequent question that I would get often by Help Desk, or anyone in general; therefore, I… [Continue Reading]
Importing McAfee ePO Threat events to ELK
Since I’ve struggled to get McAfee ePO to send syslogs to my ELK environment, I decided to leverage the SQL JDBC driver and logstash JDBC plug-in to pull threat records… [Continue Reading]