Zeek is my favorite network security monitoring platform, and I’ve used it throughout my career. It generates rich network metadata that’s incredibly valuable for incident response, forensics, and general troubleshooting. For most people, the main challenge with using Zeek is in setting it up. While today …
As I mentioned in a previous post, I recently took SANS SEC 504 and have since been studying for the accompanying GIAC Certified Incident Handler (GCIH) certification. I’m happy to say that over the weekend I passed (thank you, thank you) and wanted to share my strategy on studying for …
Introduction Like most cybersecurity professionals, you’re looking for an EPP that protects against current and evolving threats, is easy to deploy and manage, and is ultimately invisible to end-users. Today, there are dozens of these platforms available, and choosing the right one for your business is …
This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview In our Zeek journey thus far, we’ve: Set up Zeek to monitor some network traffic. Used Zeek Package Manager to install packages. Configured Zeek to send logs to …
Elastic develops the popular log analytics platform, the Elastic Stack, which supports a variety of search, observability, and security use cases through its many out of the box integrations. It’s a great platform for collecting, analyzing, and visualizing data from your Zeek sensor and other sources. …
This guide details how to deploy Elastic Agent on macOS using Intune. For Windows, please use my companion guide. Using Elastic Agent with Elastic SIEM is a great way to secure and monitor your environment. Not only does it provide full endpoint security capabilities, it’s …
This guide details how to deploy Elastic Agent on macOS using Intune. For macOS, please use my companion guide. Using Elastic Agent with Elastic SIEM is a great way to secure and monitor your environment. Not only does it provide full endpoint security capabilities, it’s …
Overview In this blog, we’ll walkthrough the custom Microsoft 365 dashboards presented in my Securing Microsoft 365 with Elastic talk at ElasticON Global 2021. So, you checked out my Securing Microsoft 365 with Elastic talk at ElasticON Global 2021 and got excited about securing your own environment. …
This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview In our Zeek journey thus far, we’ve: Set up Zeek to monitor some network traffic. Used Zeek Package Manager to install packages. Configured Zeek to send logs to …
This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview In our Zeek journey thus far, we’ve: Set up Zeek to monitor some network traffic. Used Zeek Package Manager to install packages. Configured Zeek to send logs to …
This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview In our Zeek journey thus far, we’ve: Set up Zeek to monitor some network traffic. Used Zeek Package Manager to install packages. Configured Zeek to send logs to …