Usage of proper SIEM Use Cases is critical in setting up the security operations center (SOC) operations. A use case can consist of multiple technical…
ELK Stack processes events from a device via SNMP traps sent by the device. Configuring SNMP Server to send Threat based SNMP traps from McAfee…
Search Guard Installation and Concepts Search Guard is an Open Source Elasticsearch plugin that offers encryption, authentication, and authorization and can be used to secure…
Wazuh is a popular open source security detection, visibility, and compliance project which was born as a fork of OSSEC HIDS, and integrates with Elastic…
Searches returns a SINGLE VALUE representing the number of items purchased? sourcetype=access_* action=purchase | stats count What kind of charts represent a series in a…
Event logs are the valuable source of information in detecting and investigating security incidents. As part of the regulatory requirements many companies collect and store…
Splunk Enterprise Installation Script This is a simple shell script for the installation of Splunk Enterprise on Linux. Once the file is created, make it executable…
SPLUNK useful commands and Search List of commands for the installation of SPLUNK and Searching indexes sudo groupadd splunk grep splunk /etc/group sudo useradd -g…
Logstash is a useful tool for processing log files that accepts data from multiple sources and in different formats. Logstash easily processes text-based logs and sends…