Monitoring Windows Host-based firewall Host-based firewalls are a great way to monitor any strange connections that might be sourcing from your system, or if there’s any unexpected internal connections within… [Continue Reading]
Category: logstash
Troubleshooting ELK Elasticsearch & Logstash Pt 2 of 2
Troubleshooting Logstash Logstash is our log parser and shipper that gets logs and writes them to the elasticsearch database which creates a daily or weekly index depending on your configuration…. [Continue Reading]
Detecting Outbound connections Pt. 3 – Microsoft IPs & Private IPs
At this point you’re still excited about logging any outbound connections made by your endpoints, specially knowing exactly “what” made those connections (.exe, .dlls, .tmp, etc..) because of Sysmon. Now… [Continue Reading]
Detecting Outbound connections Pt. 2 – Logstash + Threat Intelligence
Now that you have been collecting outbound connection logs from sysmon or your firewalls, the next step is to ask ourselves, how do we enhance that data? Geo-tagging IP addresses,… [Continue Reading]