Zeekurity Zen – Part IX: How To Update Zeek

Zeekurity Zen – Part IX: How To Update Zeek

This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview In our Zeek journey thus far, we’ve: Set up Zeek to monitor some network traffic. Used Zeek Package Manager to install packages. Configured Zeek to send logs to 

cool tools, how-to, incident response, information security, network security monitoring
-
by
-
0 Comments
Elastic Explained: How-To Guides For The Elastic Stack

Elastic Explained: How-To Guides For The Elastic Stack

Elastic develops the popular log analytics platform, the Elastic Stack, which supports a variety of search, observability, and security use cases through its many out of the box integrations.  It’s a great platform for collecting, analyzing, and visualizing data from your Zeek sensor and other sources. 

cool tools, how-to, information security
-
by
-
0 Comments
How To Deploy Elastic Agent on macOS with Microsoft Intune

How To Deploy Elastic Agent on macOS with Microsoft Intune

This guide details how to deploy Elastic Agent on macOS using Intune.  For Windows, please use my companion guide. Using Elastic Agent with Elastic SIEM is a great way to secure and monitor your environment.  Not only does it provide full endpoint security capabilities, it’s 

cool tools, how-to, information security
-
by
-
0 Comments
How To Deploy Elastic Agent on Windows with Microsoft Intune

How To Deploy Elastic Agent on Windows with Microsoft Intune

This guide details how to deploy Elastic Agent on macOS using Intune.  For macOS, please use my companion guide. Using Elastic Agent with Elastic SIEM is a great way to secure and monitor your environment.  Not only does it provide full endpoint security capabilities, it’s 

cool tools, how-to, information security
-
by
-
0 Comments
Secure and Monitor Microsoft 365 with Elastic

Secure and Monitor Microsoft 365 with Elastic

Overview In this blog, we’ll walkthrough the custom Microsoft 365 dashboards presented in my Securing Microsoft 365 with Elastic talk at ElasticON Global 2021. So, you checked out my Securing Microsoft 365 with Elastic talk at ElasticON Global 2021 and got excited about securing your own environment.  

cool tools, information security
-
by
-
0 Comments
Zeekurity Zen Zeries

Zeekurity Zen Zeries

Zeek is my favorite network security monitoring platform, and I’ve used it throughout my career.  It generates rich network metadata that’s incredibly valuable for incident response, forensics, and general troubleshooting. For most people, the main challenge with using Zeek is in setting it up.  While today 

cool tools, how-to, incident response, information security, network security monitoring
-
by
-
7 Comments
Zeekurity Zen – Part I: How to Install Zeek on Ubuntu

Zeekurity Zen – Part I: How to Install Zeek on Ubuntu

This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview This guide assumes you’ll be installing Zeek on Ubuntu 22.04 LTS.  However, the guide should work for any reasonably recent versions of Ubuntu. Kicking things off, we’ll optimize Ubuntu to 

cool tools, how-to, incident response, information security, network security monitoring
-
by
-
58 Comments
OSM: Open Security Monitoring

OSM: Open Security Monitoring

Introduction I’ve spent most of my career defending environments of all sizes.  What I’ve found is that the job of a defender is much less flashier and thankless as compared to an “ethical hacker.”  While there are volumes of articles, guides, and talks on penetration 

cool tools, incident response, information security, network security monitoring
-
by
-
0 Comments