Monitoring Windows Host-based firewall
Host-based firewalls are a great way to monitor any strange connections that might be sourcing from your system, or any unexpected internal connections within…
Author: Pablo Delgado
Troubleshooting ELK Elasticsearch & Logstash Pt 2 of 2
Troubleshooting Logstash
Logstash is our log parser and shipper: it receives logs and writes them to the Elasticsearch database, which creates a daily or weekly index depending on your configuration…
Troubleshooting ELK Elasticsearch & Logstash Pt 1 of 2
How to Troubleshoot Elasticsearch
You might find yourself attempting to view Elasticsearch logs through Kibana and realize that you have not been receiving logs for quite some time. Unfortunately, Elasticsearch…
Monitoring Elasticsearch Nodes for Low Disk space
Scenario: You log in to Kibana and notice there are no new logs within the past 15 minutes; the last time you received a log was 18 hours ago. You then run…
Patching Production servers with WSUS & Powershell
Patch management should be at the top of your priorities as a Sysadmin, and as a Security Analyst you should also stay on top of the latest patches released by…
Certifications: Preparing for and passing CISSP!
If you’ve been in the Security field for some time now, you may have realized the importance of obtaining certain certifications. Whether you’re more hands-on and want to be on…
Detecting Outbound connections Pt. 3 – Microsoft IPs & Private IPs
At this point you’re still excited about logging any outbound connections made by your endpoints, especially knowing exactly “what” made those connections (.exe, .dll, .tmp, etc.) because of Sysmon. Now…
Detecting Outbound connections Pt. 2 – Logstash + Threat Intelligence
Now that you have been collecting outbound connection logs from Sysmon or your firewalls, the next step is to ask ourselves: how do we enhance that data? Geo-tagging IP addresses,…
Critical Control # 2: Inventory of Authorized and Unauthorized Software
You can’t control what you can’t see
Do you have a list of approved and trusted applications in your environment? Are you sure? What about those 3rd-party add-ons that…
Detecting Outbound connections Pt. 1 – Sysmon
I’ve been using Sysmon for quite some time now and it has made my life much easier when hunting for unknown processes or looking for outbound connections. My use case…