Palo Posts: How To Guides For Palo Alto Firewalls

Palo Posts: How To Guides For Palo Alto Firewalls

Palo Alto manufactures industry-leading firewall hardware, combining a number of traditional security point solutions into one singular platform. The following is a collection of how to guides to help you get the most out of your Palo Alto firewall. Palo Alto Firewall: Home Network Palo 

Zeekurity Zen – Part IV: Threat Hunting With Zeek

Zeekurity Zen – Part IV: Threat Hunting With Zeek

This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview In our Zeek journey thus far, we’ve: Set up Zeek to monitor some network traffic. Used Zeek Package Manager to install AF_PACKET and other useful packages. Configured Zeek 

Zeekurity Zen – Part II: Zeek Package Manager

Zeekurity Zen – Part II: Zeek Package Manager

This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview In our Zeek journey thus far, we’ve: Set up Zeek to monitor some network traffic. Now we’ll introduce the Zeek Package Manager to extend Zeek’s functionality with packages 

Zeekurity Zen Zeries

Zeekurity Zen Zeries

Zeek (formerly named Bro) is my favorite network security monitoring platform, and I’ve used and promoted it throughout my career.  It generates rich network metadata that’s incredibly valuable for incident response, forensics, and general troubleshooting. For most people, the main challenge with using Zeek is in setting 

Zeekurity Zen – Part III: How to Send Zeek Logs to Splunk

Zeekurity Zen – Part III: How to Send Zeek Logs to Splunk

This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview In our Zeek journey thus far, we’ve: Set up Zeek to monitor some network traffic. Used Zeek Package Manager to install AF_PACKET and other useful packages. Now we’ll 

Zeekurity Zen – Part I: How to Install Zeek on CentOS 8

Zeekurity Zen – Part I: How to Install Zeek on CentOS 8

This is part of the Zeekurity Zen Zeries on building a Zeek (formerly Bro) network sensor. Overview This guide assumes you’ll be installing Zeek on CentOS 8, given how popular CentOS tends to be in the enterprise.  However, the guide should work for any RHEL-based 

Palo Alto Firewall: External Dynamic Lists

Palo Alto Firewall: External Dynamic Lists

I recently attended Palo Alto’s annual Ignite conference for the first time.  It was a great experience for learning about best practices and networking with others.  One of the things I learned was Palo Alto’s way of handling basic threat intelligence feeds.  When I say 

OSM: Open Security Monitoring

OSM: Open Security Monitoring

Introduction I’ve spent most of my career defending environments of all sizes.  What I’ve found is that the job of a defender is much less flashier and thankless as compared to an “ethical hacker.”  While there are volumes of articles, guides, and talks on penetration