Few months back, I had the opportunity to conduct two workshops at BSidesDelhi and CSI Mumbai on the above topic. Both sessions were great experiences and allowed me to see the growing interest among the information security folks for the opensource ELK stack. Those who know me personally or follow me on social media (Twitter/Linkedin) […]
ELK Stack is a collection of three components – Elasticsearch, Logstash & Kibana Logstash – This component is responsible for processing incoming data. It takes input from different sources, executes different transformations and stores the results in Elasticsearch or other formats Elasticsearch – NoSQL database based on Apache Lucene’s search engine. Kibana – Web […]
An important aspect of effective threat hunting is to understand what is normal in an environment. If a threat hunter is able to baseline the normal behaviour in a system then any abnormality is most likely due to an actor that has newly entered the environment. This actor could be a new software installation, new […]
Before we start to configure our decoys and put it in our production environment, let’s take a look at what exactly it is and how it differs from the usual honeypot. Honeypots are vulnerable systems configured to lure the attacker who is present in an organization. This attacker need not be from outside the environment. […]
Most organizations face a barrage of attacks every day from threat actors around the globe. Among the various vectors, attackers have found relatively high degree of success by (spear) phishing employees of the organization. This allows attackers to bypass perimeter defences and gain a foothold in the internal network. SOC teams have multiple approaches to […]
If you are looking to navigate your way through the complexities of Big Data and its use in Security, here are some links to get you off the ground: Big Data Basics What is Big Data Which are the major technologies used for Big Data Hadoop (Apache’s open-source implementation of Google’s MapReduce algo) Elastic Search, […]
