“Can you tell me where this account is getting locked out from?” is a question I frequently get from the Help Desk, or from anyone in general; therefore, I… [Continue Reading]
Author: Pablo Delgado
Importing McAfee ePO Threat events to ELK
Since I’ve struggled to get McAfee ePO to send syslog to my ELK environment, I decided to leverage the SQL JDBC driver and the Logstash JDBC input plugin to pull threat records… [Continue Reading]
Triton AP-Websense SIEM Logstash Output Configuration
The following configuration will make it easier to parse syslog messages sent from your Websense appliance to your ELK stack. If you need assistance setting up SIEM integration with Websense… [Continue Reading]
Tagging Phishing emails with Regex Rules [Proofpoint]
After seeing a vast number of phishing emails coming through, I’ve decided to implement an additional layer of protection: tagging possible phishing emails by applying my own set of conditions to… [Continue Reading]
Monitoring Domain Group Membership Changes With ELK
Khoa previously wrote about monitoring AD group membership changes using his PowerShell script, which can be found here. In this article we will be setting up a Logstash filter that… [Continue Reading]
Chrome Extensions: Bypassing your security
At this point you have tightened up your environment by removing local administrator rights, keeping your software up to date, blocking third-party software download sites, and so on; however, you start… [Continue Reading]
Security Awareness Training: Step-By-Step
If you find yourself responding to daily incidents such as having to remove adware from a system, or having to run a PowerShell script to delete user emails because of… [Continue Reading]
Monitoring the monitor: Sysmon status
You’re probably reading this article because you understand how important Sysmon is to your environment. Without Sysmon, it’s difficult to log most endpoint actions unless you have advanced auditing turned… [Continue Reading]
Logstash Master Script for ELK Health monitoring
The following is a master script that was created to check the health of Logstash and Elasticsearch nodes. This is helpful if you don’t have X-Pack set up in your… [Continue Reading]
Threat Hunting with Sysmon: Word Document with Macro
As I’ve stated before, Sysmon is a great tool for gaining insight into what is running on our systems and what changes are occurring on our endpoints. With that being said,… [Continue Reading]