How to Install and Configure NGINX for Kibana

In one of my prior posts, I discussed the steps necessary to set up a Single-Node ELK Stack. If you were to follow this guide, Kibana, as it stands, would be accessible over port 5601 to anyone on your network who knows its IP address. For myself, I could always socially outcast my roommate if … Continue reading How to Install and Configure NGINX for Kibana
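The fix the post title describes is to stop exposing port 5601 directly and put NGINX in front of Kibana. The configuration below is an added example, not the post's own config: it assumes Kibana and NGINX run on the same host, that `server.host: "127.0.0.1"` has been set in kibana.yml so Kibana only listens on loopback, and that the hostname `kibana.example.internal`, the certificate paths and the htpasswd file are placeholders you replace with your own.

```nginx
# Added example (not from the original post). Assumes kibana.yml has
# server.host: "127.0.0.1", so port 5601 is no longer reachable from the LAN
# and this NGINX listener on 443 becomes the only way in.
# Hostname, certificate paths and htpasswd path are hypothetical.

server {
    listen 80;
    server_name kibana.example.internal;
    # Never serve the dashboard over plaintext; bounce to HTTPS.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name kibana.example.internal;

    ssl_certificate     /etc/nginx/ssl/kibana.crt;
    ssl_certificate_key /etc/nginx/ssl/kibana.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Credentials file created with:  htpasswd -c /etc/nginx/htpasswd.kibana analyst
    auth_basic           "Kibana";
    auth_basic_user_file /etc/nginx/htpasswd.kibana;

    location / {
        # Kibana is bound to loopback only; NGINX is the sole entry point.
        proxy_pass         http://127.0.0.1:5601;
        proxy_http_version 1.1;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}
```

After reloading NGINX, confirm the weak setting is actually gone: `ss -ltnp | grep 5601` should show Kibana listening on `127.0.0.1:5601` only, and a request to `http://<host>:5601` from another machine on the LAN should fail to connect while `https://kibana.example.internal` prompts for the basic-auth credentials. Basic auth over TLS keeps the password off the wire, but it is still a shared secret; if more than one analyst needs access, give each their own htpasswd entry rather than sharing one.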

Manually attach USB Device as a VMFS Datastore in ESXi

I recently attempted to upgrade the storage on my home server while looking for the means to preserve the data on my soon-to-be old drive. One solution I attempted was to attach an external USB drive and to temporarily migrate files and VMs over until I could replace it. Upon trying this, however, I … Continue reading Manually attach USB Device as a VMFS Datastore in ESXi

Installing TheHive – a Security IR Platform

Working in a SOC environment, it is easy to get lost in the world of case management, unable to balance and juggle the information-to-incident ratio. I have recently come across one of the better solutions to this issue: TheHive. According to their website, TheHive is a "scalable 4-in-1 open source and free security incident … Continue reading Installing TheHive – a Security IR Platform

Sending Logs to ELK with Winlogbeat and Sysmon

At the end of one of my prior posts I had mentioned Beats Data Shippers, the "nitty-gritty" of how logs get from your desired endpoints to your shiny ELK stack. If you are uncertain how this works and also somehow ended up here, then you are about to learn! There are many different types … Continue reading Sending Logs to ELK with Winlogbeat and Sysmon

Auditing File & Folder Access on Windows with Local Security Policy

Working as a SOC Analyst for the summer, I've stumbled across a plethora of instances in which my coworkers and I would have benefited from a history of previous file and folder modifications. These instances vary per client; however, they mostly center around files and folders that are seen in our logs but are no longer … Continue reading Auditing File & Folder Access on Windows with Local Security Policy

Creating a Single-Node ELK Stack

Building off my previous post, Introduction to ELK, I figured it would be great to begin to discuss how to create a "stack." I have created multiple different stacks in the past couple months, each with their own specific purpose. While the services within an ELK stack are meant to be spread across different nodes, building … Continue reading Creating a Single-Node ELK Stack

Introduction to ELK

For the Summer of 2018, I took an internship that allowed me to continue learning hands-on in the field of Digital Forensics while also exploring the work of a Security Operations Center (SOC) Analyst. For those who are unaware what this current position entails, as I was, CIS Security defines this position as someone who helps … Continue reading Introduction to ELK