Working in a SOC environment, it is easy to get lost in the world of case management - unable to balance and juggle the information-to-incident ratio. I have recently come across one of the better solutions to this issue: TheHive. According to their website, TheHive is a "scalable 4-in-1 open source and free security incident … Continue reading Installing TheHive – a Security IR Platform
Category: SOC
Sending Logs to ELK with Winlogbeat and Sysmon
At the end of one of my prior posts I had mentioned Beats Data Shippers; the "nitty-gritty" of how logs get from your desired endpoints to your shiny ELK stack. If you are uncertain how this works and also somehow ended up here, then you are about to learn! There are many different types … Continue reading Sending Logs to ELK with Winlogbeat and Sysmon
Auditing File & Folder Access on Windows with Local Security Policy
Working as a SOC Analyst for the summer, I've stumbled across a plethora of instances in which my coworkers and I would have benefited from a history of previous file and folder modifications. These instances vary per client; however, they mostly center around files and folders that are seen in our logs but are no longer … Continue reading Auditing File & Folder Access on Windows with Local Security Policy
Creating a Single-Node ELK Stack
Building off my previous post, Introduction to ELK, I figured it would be great to begin to discuss how to create a "stack." I have created multiple different stacks in the past couple months, each with their own specific purpose. While the services within an ELK stack are meant to be spread across different nodes, building … Continue reading Creating a Single-Node ELK Stack
Introduction to ELK
For the Summer of 2018, I took an internship that allowed me to continue learning hands-on in the field of Digital Forensics while also exploring the work of a Security Operations Center (SOC) Analyst. For those who are unaware what this current position entails, as I was, CIS Security defines this position as someone who helps … Continue reading Introduction to ELK