This is part 2, in which we will be setting up Sysmon on our WEF server. As you saw in the previous article, there is no option for a Sysmon subscription…
This will be a 3-part series in which we will set up a Windows Event Forwarder server that will collect event logs from domain-joined Windows workstations based on subscriptions that…
Here’s a way to deploy Sysmon to all of your domain endpoints using Group Policy. Step 1: Create a Sysmon install batch file. First, create a batch file that will be placed…
Now that we’re collecting logs from various sources, including Sysmon, we have access to file hash information. A while back I came across this SANS article on incorporating VirusTotal to…
At this point you have set up the Elasticsearch stack along with a Windows host from which you are collecting logs using Winlogbeat. Now it’s time to start visualizing and searching…
Now that you have your Elasticsearch stack set up on multiple servers or a single server, it’s time to start sending some data over. Prerequisites: Winlogbeat – Download here (64-bit) Windows…
In this series we will go ahead and set up Elasticsearch 5 to collect Windows logs. The point of this tutorial is to set up a test environment for Elasticsearch on a…
In this series we will go ahead and set up Elasticsearch 5 to collect Windows logs. The point of this tutorial is to have a truly distributed test Elasticsearch cluster environment which…
vCenter allows you to add notes/comments in the Annotations field of each individual VM. This is very handy if you manage a large environment in which you need descriptions about…
This will be our new blog, focused on System Administration &amp; Security articles. You can expect to find guides, scripts, and other useful articles that may be…