SIEM Use Cases

by Sumesh MSAugust 23, 2021

Usage of proper SIEM Use Cases is critical in setting up the security operations center (SOC) operations. A use case can consist of multiple technical…

Sending McAfee ePO Threat based SNMP traps to ELK SIEM

by Sumesh MSApril 2, 2020April 2, 2020

ELK Stack processes events from a device via SNMP traps sent by the device. Configuring SNMP Server to send Threat based SNMP traps from McAfee…

SPLUNK useful commands and Search

by Upen PatelMay 2, 2018May 3, 2018

SPLUNK useful commands and Search List of commands for the installation of SPLUNK and Searching indexes sudo groupadd splunk grep splunk /etc/group sudo useradd -g…

IIS Log Analyzer using ELK

by Sumesh MSApril 29, 2018April 29, 2018

Logstash is a useful tool for processing log files that accept data from multiple sources and different formats. Logstash easly process text-based logs and send…

What’s in an index?

by Upen PatelApril 4, 2018April 24, 2018

Splunk Enterprise stores all of the data it processes in indexes. An index is a collection of databases, which are subdirectories located in $SPLUNK_HOME/var/lib/splunk. Indexes consist…

ELK Stack installation on CENTOS using YUM

by Sumesh MSMarch 25, 2018April 24, 2018

ELK is the acronym for three open source projects: Elasticsearch, Logstash, and Kibana. Elasticsearch is a search and analytics engine and a NoSQL database that…