Sending Logs to ELK with Winlogbeat and Sysmon

elastic.co At the end of one of my prior posts I had mentioned Beats Data Shippers; the "nitty-gritty" of how logs get from your desired endpoints to your shiny ELK stack. If you are uncertain how this works and also somehow ended up here, then you are about to learn! There are many different types … Continue reading Sending Logs to ELK with Winlogbeat and Sysmon

Auditing File & Folder Access on Windows with Local Security Policy

Working as a SOC Analyst for the summer, I've stumbled across a plethora of instances in which my coworkers and I would have benefited from a history of previous file and folder modifications. These instances vary per client, however mostly center around files and folders that are seen in our logs but are no longer … Continue reading Auditing File & Folder Access on Windows with Local Security Policy

Creating a Single-Node ELK Stack

Building off my previous post, Introduction to ELK, I figured it would be great to begin to discuss how to create a "stack." I have created multiple different stacks in the past couple months, each with their own specific purpose. While the services within an ELK stack are meant to be spread across different nodes, building … Continue reading Creating a Single-Node ELK Stack

Introduction to ELK

For the Summer of 2018, I took an internship that allowed me to continue learning hands-on in the field of Digital Forensics while also exploring the work of a Security Operations Center (SOC) Analyst. For those who are unaware what this current position entails, as I was, CIS Security defines this position as someone who helps … Continue reading Introduction to ELK