BTL1 Prep: Boss of the SOC v1 on Proxmox
In this post, I walk you through the steps of running on Proxmox the Boss of the SOC v1 challenge from CyberDefenders.
By
0xBEN
SIEM
Security Information and Event Management
By
0xBEN
Wazuh: File Integrity Monitoring
In this post, I show you how to configure and monitor File Integrity Monitoring (FIM) in Wazuh.
By
0xBEN
Threat Hunting with FleetDM and Osquery
Recently, the folks at Chainguard open-sourced some Osquery threat hunting queries, so I wrote a script to convert the queries to YAML docs for import into FleetDM.
By
0xBEN
Wazuh: Enhancing Zeek Logs with RITA
In this post, I demonstrate how to install and configure RITA on a NIDS node running Zeek and ingest the RITA output with Wazuh command logging.
By
0xBEN
Hunting with Wazuh: Adding Context
In this post, I elaborate on the Log All JSON option in the Wazuh Manager's configuration and how that can add more context beyond just alerts.
By
0xBEN
Wazuh Index Management Policy
In this post, I show how to manage your Wazuh Indexer indices in order to improve performance and manage disk space consumed by indices.
By
0xBEN
Wazuh: Exploring the OwlH Integration
In this post, I explore the OwlH integration with Wazuh and the convenience of the centralized NIDS configuration management it offers.
By
0xBEN
Wazuh: Migrating to Wazuh Dashboard, Wazuh Indexer, and to Version 4.3
In this post, I go over the procedure of migrating from OpenDistro Elasticsearch to Wazuh Indexer, OpenDistro Kibana to Wazuh Dashboard, and Wazuh 4.2 to Wazuh 4.3.
By
0xBEN
Wazuh: Mapping Sysmon Events to MITRE ATT&CK IDs
In this post, I show how I implemented and worked around some issues while adding an enhanced ruleset mapping Sysmon events to ATT&CK IDs.
By
0xBEN