This post is a follow-up to the post “SIEM 102 — Detect Windows bruteforce”, where I explained how to create a detection use case to detect a Windows bruteforce.
In this post I will explain how we can enhance the original detection logic so that it produces a lower false-positive rate.
SIEM 102 — Detect WordPress bruteforce
WordPress is one of the most popular CMSs and website platforms in the world. It handles “more than 30%” of the websites on the internet. Because of this, bad actors are very interested in finding ways to take control of them. In this post I explain how to detect a WordPress bruteforce.
SIEM Solutions 101 — Basic usage
In this post I’ll explain the basics of using a SIEM: how to search logs and how to send alerts.
SIEM 102 — Detect Windows bruteforce
When we have a lot of Windows machines in our environment, it can be useful to be able to detect a bruteforce against a machine.
SIEM 101 — Initial setup
In this post, I’ll explain how to initially set up a SIEM so you can receive your first logs.
SIEM 101 — Introduction
In the following days, I’ll write a few blog posts explaining how to learn to use a SIEM easily.