The party begins as the other one said… I'm going to show you some things that I think you'll like to be able to exploit your logs and evolve our SIEM into a SOC, Very interesting topics. First we have ElastAlert2, which is an open-source tool that will allow us to generate rule-based alerts with data stored in Elasticsearch.
The use of removable storage devices is usually not allowed in organizations, you should not at least be able to connect a USB flash drive or removable hard drives. But it is true that in exceptions, They are needed, and for this purpose a GPO is usually defined with a whitelist of allowed USB devices and applied to the users/computers that need them. But ,How do you use them??
How unoriginal I am for short titles… Well, if you have your own DNS server or DHCP server, This is your post 😉 We're not really going to get it through logs, we will do this by auditing your traffic 😉 We will audit the requests generated by the DNS service, or DHCP to view it in Grafana!
In this post we are going to try to see how to visualize any performance metric of a Windows Server computer or its services such as SQL Server, Exchange… with the intention of being able to visualize them in real time in Grafana.
This post is quite curious, since we can audit the accesses to the organization's files for free, collect those events in and store them in Elasticsearch, For what, then in a masterful way our Grafana allows us to easily visualize the accesses. And see who opened a document, modified or deleted it.
If you have a monitoring environment, This may still be your next step; And it's no more about having a tiny 7-inch screen″ at our desk, Something cute and geeky at the same time. Something that helps us to see in real time the state of our organization thanks to monitoring and operational visibility, 😎 I said .
I think that today there are not many who do not know what a Honeypot is, and how good it can be for us to have it implemented in our infrastructures. The idea of these gadgets as we know is to alert and detect attacks or curious people on the network; Well, in this post, we will also see how to integrate it with Centreon.
And we continue with more strange things… today the first one of collecting Logs to the Ubiquiti Unifi environment, of our APs, Switches… for the second time we parse., we treat the Logs with Logstash and for dessert we store it in Elasticsearch, and the icing on the cake will be visualizing it with Grafana. All this to control in real time what happens in our communications infrastructure, who is trying to access the Wisfis…
¡Come! Another one of logs please! This time we will see how to exploit the Logs of our beloved VMware vSphere environment, from the vCSA or vCenter Server Appliance we will redirect the logs to Logstash to be processed and stored in Elasticsearch, finally we will be able to visualize them in a more graphic way with Grafana. This way we will understand in real time what is happening or we will be able to have reports with the data of the last 24 hours, week, month… Fully customizable, free…
Well, Another post is about collecting logs and visualizing them to understand what is happening in our infrastructure, today we have a document where we will see how to send the Logs of a Synology to our Logstash and then store it in Elasticsearch and finally visualize it with Grafana.
Do Tailor-made training
Windows Server – VMware vSphere – Citrix Virtual Apps & Desktops – Centreon
|
We are a consulting firm that cares and pampers
|
 |
|
With quality and added value
|
 |
|
¡Let's work together!
|
 |
