In this blog post, we are going to look at how to deploy Sysmon to all endpoints via GPO. In my case, I push all logs to my Windows Event Collector (WEC). My WEC has Winlogbeat installed, so I can centrally access all logs in SecurityOnion.
Setting up quick monitoring notifications that are sent via PowerShell to Slack channels.
You're being handed a really large network data capture and you want to figure out if there's anything malicious in it, but there is too much data to go through manually. How can you easily tell whether anything evil has happened or whether it is totally normal traffic? There are a variety of awesome free tools for this, for example Zeek.
How to address PDF files and Word documents and extract malicious indicators from within them. This is something that happens nearly every day in a SOC. An example: a user reports phishing, and our job as Security Analysts is to figure out whether these files are indeed malicious, safely, quickly and accurately.