BTL1 Prep: Boss of the SOC v1 on Proxmox
In this post, I walk you through the steps of running on Proxmox the Boss of the SOC v1 challenge from CyberDefenders.
By
0xBEN
Defend
Defensive cybesecurity, blue teaming
By
0xBEN
Configuring Unattended Upgrades on Debian
In this post, I show you how to configure the Unattended Upgrades service on Debian-based distributions.
By
0xBEN
Proxmox: Running OpenCTI
In this post, I walk you through steps of running an OpenCTI server to aggregate threat intelligence into a single interface.
By
0xBEN
Wazuh: File Integrity Monitoring
In this post, I show you how to configure and monitor File Integrity Monitoring (FIM) in Wazuh.
By
0xBEN
Threat Hunting with FleetDM and Osquery
Recently, the folks at Chainguard open-sourced some Osquery threat hunting queries, so I wrote a script to convert the queries to YAML docs for import into FleetDM.
By
0xBEN
Wazuh: Enhancing Zeek Logs with RITA
In this post, I demonstrate how to install and configure RITA on a NIDS node running Zeek and ingest the RITA output with Wazuh command logging.
By
0xBEN
Hunting with Wazuh: Adding Context
In this post, I elaborate on the Log All JSON option in the Wazuh Manager's configuration and how that can add more context beyond just alerts.
By
0xBEN
Wazuh Index Management Policy
In this post, I show how to manage your Wazuh Indexer indices in order to improve performance and manage disk space consumed by indices.
By
0xBEN
Wazuh: Exploring the OwlH Integration
In this post, I explore the OwlH integration with Wazuh and the convenience of the centralized NIDS configuration management it offers.
By
0xBEN