Tag: Ubuntu

Storing Elasticsearch Data on a Separate Ubuntu Partition

by Zachary Burnham, posted in ELK, SOC

By default on Ubuntu Server, Elasticsearch 6.6.0 is installed to the /var/lib/elasticsearch directory on the partition your OS resides on; the system partition. If you were to have an ELK cluster running in a production environment with 100+ endpoints feeding thousands of logs everyday, you may start to find that your Elasticsearch nodes' drives are … Continue reading Storing Elasticsearch Data on a Separate Ubuntu Partition

Installing TheHive – a Security IR Platform

by Zachary Burnham, posted in Incident Response, SOC, Threat Hunting

Working in a SOC environment, it is easy to get lost in the world of case management - unable to balance and juggle the information-to-incident ratio. I have recently come across one of the better solutions to this issue; TheHive. According to their website, TheHive is a "scalable 4-in-1 open source and free security incident … Continue reading Installing TheHive – a Security IR Platform