Tristan’s Cybersecurity Substack
SIEM 201 — Automating Threat Response: A Practical Guide
Introduction — The Case for Automated Response
Apr 22
•
Tristan Dostaler
16:58
November 2024
The Elasticsearch license saga
Listen now (11 mins) | Explore the recent licensing change made by Elastic, the company behind Elasticsearch and Kibana, and its impact on the…
Nov 18, 2024
•
Tristan Dostaler
10:44
CIS controls — where to start in securing a medium/big enterprise
Nov 15, 2024
•
Tristan Dostaler
22:14
Your server is secure? Really?
What to do after you’ve secured your servers and computers
Nov 15, 2024
•
Tristan Dostaler
SIEM 101 — Introduction
In the following days, I’ll write a few blog posts explaining how to easily learn to use a Security Information and Event Management, or SIEM.
Nov 15, 2024
•
Tristan Dostaler
Never receive an alert from Windows Defender? You should!
A few years ago, I was on the defense team when a pentest was ongoing on one of our websites.
Nov 14, 2024
•
Tristan Dostaler
SIEM 101 — Initial setup
In this post, I’ll explain how to initially set up a SIEM so you can receive your first logs.
Nov 14, 2024
•
Tristan Dostaler
SIEM 202 — Detecting remote PsExec
In this post, I’ll explain how to detect an attacker that uses PsExec to connect to your computer when you don’t have visibility over the attacker’s…
Nov 14, 2024
•
Tristan Dostaler
SIEM 102 — Detect Windows bruteforce
In this post, I’ll explain how to detect a bruteforce on Windows.
Nov 13, 2024
•
Tristan Dostaler
SIEM 201 — What is Sysmon
In this post, I’ll explain what Sysmon is, how to install it, and how to use it to detect important patterns.
Nov 13, 2024
•
Tristan Dostaler
SIEM Solutions 101 — Basic usage
In this post, I’ll explain the basics of using a SIEM: how to search logs and how to send alerts.
Nov 13, 2024
•
Tristan Dostaler
Information Security synonyms
Information Security, Cybersecurity, IT security, and other synonyms
Nov 13, 2024
•
Tristan Dostaler