Zeek (formerly named Bro) is my favorite network security monitoring platform, and I’ve used and promoted it throughout my career. It generates rich network metadata that’s incredibly valuable for incident response, forensics, and general troubleshooting. For most people, the main challenge with using Zeek is in setting …
As I mentioned in a previous post, I recently took SANS SEC 504 and have since been studying for the accompanying GIAC Certified Incident Handler (GCIH) certification. I’m happy to say that over the weekend I passed (thank you, thank you) and wanted to share my strategy on studying for …
This post is featured on the CrowdStrike Blog. Introduction Like most cybersecurity professionals, you’re looking for an EPP that protects against current and evolving threats, is easy to deploy and manage, and is ultimately invisible to end-users. Today, there are dozens of these platforms available, and …
This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview In our Zeek journey thus far, we’ve: Set up Zeek to monitor some network traffic. Used Zeek Package Manager to install packages. Configured Zeek to send logs to …
This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview In our Zeek journey thus far, we’ve: Set up Zeek to monitor some network traffic. Used Zeek Package Manager to install packages. Configured Zeek to send logs to …
This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview In our Zeek journey thus far, we’ve: Set up Zeek to monitor some network traffic. Used Zeek Package Manager to install packages. Configured Zeek to send logs to …
This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview In our Zeek journey thus far, we’ve: Set up Zeek to monitor some network traffic. Used Zeek Package Manager to install packages. Configured Zeek to send logs to …
R-C-E, It’s Easy as R-D-P On May 14, 2019, Microsoft published a security advisory regarding a critical remote code execution (RCE) vulnerability (CVE-2019-0708) affecting Remote Desktop Services (RDP) on older versions of Windows including XP, Vista, 7 and Server 2003/2008. Windows 8 and 10 are …
This is part of the Palo Posts how-to guides for getting the most from your Palo Alto firewall on a home or small business network. Overview So you’ve got your Palo Alto firewall successfully protecting your home network, blocking known malicious sites, and allowing system …
Palo Alto manufactures industry-leading firewall hardware, combining a number of traditional security point solutions into one single platform. The following is a collection of how-to guides to help you get the most from your Palo Alto firewall on a home or small business network. Palo …
This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview In our Zeek journey thus far, we’ve: Set up Zeek to monitor some network traffic. Used Zeek Package Manager to install packages. Configured Zeek to send logs to …