tail -f security.log

information security

Zeekurity Zen – Part II: Zeek Package Manager

This is part of the Zeekurity Zen Zeries on building a Zeek (Bro) network sensor. Overview In our Zeek journey thus far, we’ve: Set up Zeek to monitor some network traffic. Now we’ll introduce the Zeek Package Manager to extend Zeek’s functionality with packages contributed […]

Zeekurity Zen Zeries

Zeek (formerly named Bro) is my favorite network security monitoring platform, and I’ve used and promoted it throughout my career. It generates rich network metadata that’s incredibly valuable for incident response, forensics, and general troubleshooting. For most people, the main challenge with using Zeek is in setting […]

How to Choose the Right EPP / EDR Solution

This post is featured on the CrowdStrike Blog. Introduction Like most cybersecurity professionals, you’re looking for an EPP that protects against current and evolving threats, is easy to deploy and manage, and is ultimately invisible to end-users. Today, there are dozens of these platforms available, and […]

Zeekurity Zen – Part III: How to Send Zeek (Bro) Logs to Splunk

This is part of the Zeekurity Zen Zeries on building a Zeek (Bro) network sensor. Overview In our Zeek journey thus far, we’ve: Set up Zeek to monitor some network traffic. Used Zeek Package Manager to install AF_PACKET and other useful packages. Now we’ll send […]

Zeekurity Zen – Part I: How to Install Zeek (Bro) on CentOS 7

This is part of the Zeekurity Zen Zeries on building a Zeek (Bro) network sensor. Overview This guide assumes you’ll be installing Zeek on CentOS 7, given how popular CentOS tends to be in the enterprise. However, the guide should work for any RHEL-based flavors […]

How To Build a SANS GIAC Index

One of the keys to passing SANS GIAC exams is to build a comprehensive index to quickly find information during the exam. Building an index will also help you study as it forces you to thoroughly review the material. The steps below detail how to […]

How to determine your Ring Doorbell Pro firmware version

I have a love/hate relationship with my Ring Doorbell. When I purchased it in 2016 it worked great for a year with minimal issues. As it became more popular, I noticed the quality dropped with video freezes, black videos, and missed motion events. This led […]

Palo Alto Firewall: macOS Updates NSURLErrorDomain error -1012

About a month ago, I enabled decryption on my Palo Alto firewall and limited it only to traffic to and from my MacBook Pro. It’s worked well and provided great visibility into the vast amounts of encrypted traffic that we see nowadays. So what’s this […]