I had the opportunity to write a thesis for my Security Masters Program at the University of Houston (Program Website here for those interested). It was a long, but fun experience…
Category: Elasticsearch
Monitoring Active Directory with ELK
"Can you tell me where this account is getting locked out from?" is a question that I would often get from the Help Desk, or anyone in general; therefore, I…
Importing McAfee ePO Threat events to ELK
Since I’ve struggled to get McAfee ePO to send syslogs to my ELK environment, I decided to leverage the SQL JDBC driver and Logstash JDBC plug-in to pull threat records…
Monitoring Domain Group Membership Changes With ELK
Khoa previously wrote about monitoring AD Group Membership changes using his PowerShell script, which can be found here. In this article we will be setting up a Logstash filter that…
Chrome Extensions: Bypassing your security
At this point you have tightened up your environment by removing local administrator rights, keeping your software up to date, blocking 3rd party software download sites, etc.; however, you start…
Monitoring the monitor: Sysmon status
You’re probably reading this article because you understand how important Sysmon is to your environment. Without Sysmon, it’s difficult to log most endpoint actions unless you have advanced auditing turned…
Logstash Master Script for ELK Health monitoring
The following is a master script that was created to check on the health of Logstash and Elasticsearch nodes. This is helpful if you don’t have X-Pack set up in your…
Threat Hunting with Sysmon: Word Document with Macro
As I’ve stated before, Sysmon is a great tool for gaining insight into what’s running on our systems and what changes are occurring on our endpoints. With that being said,…
Troubleshooting ELK Elasticsearch & Logstash Pt 2 of 2
Troubleshooting Logstash
Logstash is our log parser and shipper that gets logs and writes them to the Elasticsearch database, which creates a daily or weekly index depending on your configuration…
Troubleshooting ELK Elasticsearch & Logstash Pt 1 of 2
How to Troubleshoot Elasticsearch
You might find yourself attempting to view Elasticsearch logs through Kibana and realize that you have not been receiving logs for quite some time. Unfortunately, Elasticsearch…