Khoa previously wrote about monitoring AD group membership changes with his PowerShell script, which can be found here. In this article we will set up a Logstash filter that…
As an end user who does not support Active Directory, I like to know when my password is approaching its expiration date; this is also useful if you have a non-human service…
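An added example of the kind of check the teaser describes, reporting every enabled account (service accounts included) whose password expires within a given window. This is not the author's script; it assumes the RSAT ActiveDirectory module is installed and that the caller can read the domain. The domain-wide search base and the 14-day default are assumptions.

```powershell
# Added example (not the article's script): list enabled AD accounts whose password
# expires within N days. Reads msDS-UserPasswordExpiryTimeComputed, which already
# accounts for fine-grained password policies, rather than recomputing from PasswordLastSet.
Import-Module ActiveDirectory

function Get-PasswordExpiryReport {
    param(
        [int]$WithinDays = 14,
        # Assumption: scope to the whole domain; pass an OU DN to narrow it
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )

    $now  = Get-Date
    $attr = 'msDS-UserPasswordExpiryTimeComputed'

    Get-ADUser -Filter { Enabled -eq $true -and PasswordNeverExpires -eq $false } `
               -SearchBase $SearchBase `
               -Properties $attr, PasswordLastSet, EmailAddress |
        ForEach-Object {
            $raw = $_.$attr
            # 0 means "must change at next logon"; Int64.MaxValue means the effective policy never expires it
            if (-not $raw -or $raw -eq [long]::MaxValue) { return }
            $expires  = [DateTime]::FromFileTime($raw)
            $daysLeft = [math]::Floor(($expires - $now).TotalDays)
            if ($daysLeft -le $WithinDays) {
                [pscustomobject]@{
                    SamAccountName  = $_.SamAccountName
                    EmailAddress    = $_.EmailAddress
                    PasswordLastSet = $_.PasswordLastSet
                    Expires         = $expires
                    DaysLeft        = $daysLeft     # negative means already expired
                }
            }
        } | Sort-Object DaysLeft
}

# Usage: what expires in the next 7 days, most urgent first
Get-PasswordExpiryReport -WithinDays 7 | Format-Table -AutoSize
```

Accounts with PasswordNeverExpires set are excluded by the filter; if you want to audit those separately (a service account that never expires is itself a finding), drop that clause and keep the Int64.MaxValue check so they surface with no expiry date.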
While working on another script, I had to address the requirement of emailing the results via Outlook. I had two solutions (syntax methods) to accomplish this, but I found one…
I encountered a scenario at work where I had to monitor any changes performed on an account’s Active Directory group memberships on a daily/weekly basis. I believe there may be…
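An added example of one way to do this monitoring, not the author's script: take a snapshot of the account's group membership on each run, diff it against the previous snapshot, and report only additions and removals. It assumes the RSAT ActiveDirectory module; the snapshot directory and the account name in the usage line are assumptions.

```powershell
# Added example (not the article's script): snapshot an account's group membership and
# report additions/removals since the previous run, suitable for a daily or weekly task.
Import-Module ActiveDirectory

function Get-MembershipSnapshot {
    param([Parameter(Mandatory)][string]$SamAccountName)
    # Group DNs rather than names, so a renamed group is not reported as a removal plus an addition
    @((Get-ADUser -Identity $SamAccountName -Properties MemberOf).MemberOf | Sort-Object)
}

function Compare-MembershipSnapshot {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [string]$SnapshotDir = 'C:\ADMonitor\Snapshots'   # assumption
    )
    New-Item -ItemType Directory -Path $SnapshotDir -Force | Out-Null
    $file    = Join-Path $SnapshotDir "$SamAccountName.json"
    $current = Get-MembershipSnapshot -SamAccountName $SamAccountName

    # First run has no baseline: every group shows as "added" once, then the file becomes the baseline
    $previous = if (Test-Path $file) { @(Get-Content $file -Raw | ConvertFrom-Json) } else { @() }

    $added   = @($current  | Where-Object { $_ -notin $previous })
    $removed = @($previous | Where-Object { $_ -notin $current })

    # -InputObject keeps a 0- or 1-element list serialised as a JSON array, not a bare string
    ConvertTo-Json -InputObject $current | Set-Content $file

    [pscustomobject]@{
        Account = $SamAccountName
        Added   = $added
        Removed = $removed
        Changed = ($added.Count + $removed.Count) -gt 0
    }
}

# Usage: run from a scheduled task and only emit output when something changed
$result = Compare-MembershipSnapshot -SamAccountName 'svc-backup'   # account name is an assumption
if ($result.Changed) { $result | ConvertTo-Json -Depth 3 }
```

Because the diff is against the last snapshot, a membership that is added and removed again between two runs is invisible; if that window matters, shorten the schedule or pair this with the Security log event 4728/4732 (member added) and 4729/4733 (member removed) on the domain controllers, which is what the Logstash filter mentioned above consumes.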
This script can be used to ping a list of IP addresses to confirm they are online, or to resolve the IPs to FQDNs…
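An added example of that task, not the author's script: take a list of IPs, ping each one, and attempt a reverse lookup, returning one object per host so the result can be filtered or exported. The input file path is an assumption.

```powershell
# Added example (not the article's script): reachability plus reverse DNS for a list of IPs.
function Test-HostList {
    param(
        [Parameter(Mandatory)][string[]]$IPAddress,
        [int]$Count = 2   # pings per host; keep small for long lists
    )
    foreach ($ip in $IPAddress) {
        # -Quiet returns $true/$false instead of per-reply objects
        $online = Test-Connection -ComputerName $ip -Count $Count -Quiet -ErrorAction SilentlyContinue
        try {
            $fqdn = [System.Net.Dns]::GetHostEntry($ip).HostName
        } catch {
            $fqdn = $null   # no PTR record, or the resolver is unreachable
        }
        [pscustomobject]@{
            IPAddress = $ip
            Online    = [bool]$online
            FQDN      = $fqdn
        }
    }
}

# Usage: one IP per line in the file (path is an assumption); show only hosts that are
# down or have no reverse record, since those are the ones worth a second look
Test-HostList -IPAddress (Get-Content 'C:\ADMonitor\hosts.txt' | Where-Object { $_.Trim() }) |
    Where-Object { -not $_.Online -or -not $_.FQDN } |
    Format-Table -AutoSize
```

A host that answers ping but has no PTR record, or whose PTR points at an unexpected name, is a useful signal on its own: it often indicates an undocumented device or a stale DNS zone rather than a script failure.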
At this point you have tightened your environment by removing local administrator rights, keeping your software up to date, blocking third-party software download sites, and so on; however, you start…
If you find yourself responding to daily incidents such as removing adware from a system, or running a PowerShell script to delete user emails because of…
You’re probably reading this article because you understand how important Sysmon is to your environment. Without Sysmon, it’s difficult to log most endpoint actions unless you have advanced auditing turned…
The following is a master script that was created to check the health of Logstash and Elasticsearch nodes. This is helpful if you don’t have X-Pack set up in your…
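An added example of the same idea, not the author's master script: poll the Elasticsearch cluster health API and the Logstash monitoring API on each node and produce a single pass/fail table, with a non-zero exit code so a scheduler can alert on it. The node URLs are assumptions; the "stuck pipeline" heuristic (events in but none out) is an added check, not part of either product's own health status.

```powershell
# Added example (not the author's script): Elasticsearch + Logstash health without X-Pack.
function Get-ElasticsearchHealth {
    param([Parameter(Mandatory)][string]$BaseUri)   # e.g. http://es01:9200 (assumption)
    try {
        $h = Invoke-RestMethod -Uri "$BaseUri/_cluster/health" -TimeoutSec 10
        [pscustomobject]@{
            Node = $BaseUri; Service = 'elasticsearch'; Status = $h.status
            Detail  = "nodes=$($h.number_of_nodes) unassigned_shards=$($h.unassigned_shards)"
            Healthy = ($h.status -eq 'green')
        }
    } catch {
        [pscustomobject]@{ Node = $BaseUri; Service = 'elasticsearch'; Status = 'down'; Detail = $_.Exception.Message; Healthy = $false }
    }
}

function Get-LogstashHealth {
    param([Parameter(Mandatory)][string]$BaseUri)   # e.g. http://ls01:9600 (assumption)
    try {
        $root  = Invoke-RestMethod -Uri "$BaseUri/"                      -TimeoutSec 10
        $stats = Invoke-RestMethod -Uri "$BaseUri/_node/stats/pipelines" -TimeoutSec 10
        # Heuristic (added here): a pipeline taking events in but emitting none is stuck even though the process is up
        $stuck = foreach ($p in $stats.pipelines.PSObject.Properties) {
            if ($p.Value.events.in -gt 0 -and $p.Value.events.out -eq 0) { $p.Name }
        }
        $detail = if ($stuck) { "stuck pipelines: $($stuck -join ',')" }
                  else        { "pipelines: $($stats.pipelines.PSObject.Properties.Name -join ',')" }
        [pscustomobject]@{
            Node = $BaseUri; Service = 'logstash'; Status = $root.status
            Detail  = $detail
            Healthy = ($root.status -eq 'green' -and -not $stuck)
        }
    } catch {
        [pscustomobject]@{ Node = $BaseUri; Service = 'logstash'; Status = 'down'; Detail = $_.Exception.Message; Healthy = $false }
    }
}

# Node lists are assumptions; replace with your own
$report = @(
    'http://es01:9200', 'http://es02:9200' | ForEach-Object { Get-ElasticsearchHealth -BaseUri $_ }
    'http://ls01:9600'                     | ForEach-Object { Get-LogstashHealth -BaseUri $_ }
)
$report | Format-Table -AutoSize
if ($report | Where-Object { -not $_.Healthy }) { exit 1 }   # non-zero exit lets the scheduler alert
```

Querying `_cluster/health` on more than one node is deliberate: the cluster state is the same from every node, but a node that cannot answer at all is exactly the failure you want to catch, and a single endpoint would hide it.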
As I’ve stated before, Sysmon is a great tool for gaining insight into what’s running on our systems and what changes are occurring on our endpoints. With that said,…