X

You can join MEGA, the most secure cloud storage, with this referral link: https://mega.nz/aff=7Y94iYz_csg

  • Home
  • Patreon Login
  • All posts
  • Recent
  • Merch Store
  • Follow
  • Follow
  • Follow
  • Follow
  • Follow

SIEM 103 — Detect Windows bruteforce part 2

by Tristan Dostaler | Jun 3, 2022 | DFIR, Information Technology, InfoSec, Private Posts, SIEM, SIEM 100 series

This post is a follow up of the post “SIEM 102 — Detect Windows bruteforce” where I explained how to create a detection Use Case to detect a Windows bruteforce.
In this post I will explain how we can enhance the original detection logic by having a lower False Positive rate.

Why I switched from Logz.io to Humio

by Tristan Dostaler | Jan 6, 2022 | Information Technology, InfoSec, Private Posts, SIEM

I recently switched to Humio and transferred all the logs and automations I have. In this post I explain why I did this transfer.

SIEM 102 — Detect WordPress bruteforce

by Tristan Dostaler | Jan 19, 2021 | Cybersecurity, Information Technology, InfoSec, SIEM, SIEM 100 series

WordPress is one of the most popular CMS and website server in the world. It handles “more than 30%” of the websites on the internet. Because of this, bad actors are really interested in finding ways to get control of them. In this post I explain how to detect a WordPress bruteforve.

SIEM Solutions 101 — Basic usage

by Tristan Dostaler | Nov 26, 2020 | Cybersecurity, Information Technology, InfoSec, SIEM, SIEM 100 series

In this post I’ll explain the basics on using a SIEM: how to search logs and how to send alerts.

SIEM 201 — What is Sysmon

by Tristan Dostaler | Nov 25, 2020 | Cybersecurity, Information Technology, InfoSec, SIEM, SIEM 200 series, TL;DR;

In this post I’ll explain what is Sysmon, how to install it and how to use it to detect important pattern.

SIEM 102 — Detect Windows bruteforce

by Tristan Dostaler | Nov 25, 2020 | Cybersecurity, Information Technology, InfoSec, SIEM, SIEM 100 series

When we have a lot of Windows machine in our environment, it can be useful to be able to detect a bruteforce on a machine.

SIEM 202 — Detecting remote PsExec

by Tristan Dostaler | Nov 24, 2020 | Cybersecurity, DFIR, Information Technology, InfoSec, SIEM, SIEM 200 series

In this post I’ll explain how to detect an attacker that uses PsExec to connect to your computer when you don’t have visibility over the attacker’s computer.

SIEM 101 — Initial setup

by Tristan Dostaler | Nov 24, 2020 | Cybersecurity, Information Technology, InfoSec, SIEM, SIEM 100 series, TL;DR;

In this post, I’ll explain how to initially setup a SIEM so you can receive your first logs.

Never receive an alert from Windows Defender? You should!

by Tristan Dostaler | Nov 23, 2020 | Cybersecurity, Information Technology, InfoSec, Pentest, Personal, SIEM

The fact that we didn’t know Defender blocked an attack and we only learned it when we receive the report should be considered a disaster!

SIEM 101 — Introduction

by Tristan Dostaler | Nov 23, 2020 | Cybersecurity, Information Technology, InfoSec, SIEM, SIEM 100 series

In the following days, I’ll write a few blog posts explaining how to easily learn to use a SIEM.

« Older Entries

MEGA referal

You can join MEGA, the most secure cloud storage, with this referral link: https://mega.nz/aff=7Y94iYz_csg

Recent Posts

  • Lockbit ransomware – How to recover your data
  • How to secure WordPress
  • SIEM 103 — Detect Windows bruteforce part 2

Subscribe!

Support

Buy me a coffee

Follow Me

  • Twitter
  • Facebook
  • RSS Feed
  • Discord

Media and Support

  • Twitter
  • Facebook
  • RSS Feed
  • Discord
Buy me a coffee

Referal and Benefits

You can join MEGA, the most secure cloud storage, with this referral link: https://mega.nz/aff=7Y94iYz_csg

Recent posts

  • Lockbit ransomware – How to recover your data
  • How to secure WordPress
  • SIEM 103 — Detect Windows bruteforce part 2
  • Why I switched from Logz.io to Humio
  • CIS controls – where to start in securing a medium/big enterprise

Subscribe!

  • Privacy Policy