This post is a follow up of the post “SIEM 102 — Detect Windows bruteforce” where I explained how to create a detection Use Case to detect a Windows bruteforce.
In this post I will explain how we can enhance the original detection logic by having a lower False Positive rate.
Why I switched from Logz.io to Humio
I recently switched to Humio and transferred all the logs and automations I have. In this post I explain why I did this transfer.
SIEM Solutions 101 — Basic usage
In this post I’ll explain the basics on using a SIEM: how to search logs and how to send alerts.
SIEM 201 — What is Sysmon
In this post I’ll explain what is Sysmon, how to install it and how to use it to detect important pattern.
SIEM 202 — Detecting remote PsExec
In this post I’ll explain how to detect an attacker that uses PsExec to connect to your computer when you don’t have visibility over the attacker’s computer.
SIEM 101 — Initial setup
In this post, I’ll explain how to initially setup a SIEM so you can receive your first logs.
Never receive an alert from Windows Defender? You should!
The fact that we didn’t know Defender blocked an attack and we only learned it when we receive the report should be considered a disaster!
SIEM 101 — Introduction
In the following days, I’ll write a few blog posts explaining how to easily learn to use a SIEM.
Your server is secure? Really?
You’ve hardened all you could on your servers or computers, and think your secure? Think again!