Monitor full network traffic with Arkime (a.k.a. Moloch)

Monitoring the corporate network is a crucial part of safeguarding it against malicious threat actors. One may argue that an IDS or IPS already detects malicious traffic on the network. Those advanced security devices can indeed be useful, but they do not show the full picture of the network. For example, IDS and IPS …

AWS Security Audit: Scout2 for security auditing of your AWS infrastructure

The cloud platform is the way to go for most companies today. With all its advantages, such as scalable, redundant, fault-tolerant, and highly available infrastructure, the cloud seems like the way to go when thinking of long-term growth. Let's not get into the overly discussed topic of cloud vs. on-premises infrastructure. Security should be …

Deploy the Mattermost server: install Mattermost on Ubuntu using PostgreSQL and Nginx. A privacy-friendly alternative to Slack.

Communication is the most important aspect of a team's success. Efficient communication with team members has to be a key component for any team leader. In today's corporate environment this component is dominated by instant messaging tools like Slack and Discord. This wasn't the case before; instead, the use of email was …

Actively monitor the pfSense firewall. pfELK: the Elastic stack for pfSense

You will notice that this article has something to do with the ELK stack again! The ELK stack is so flexible that it fits many different use cases. Today's use case of the ELK stack is the firewall. Most firewalls hardly have any kind of dashboard integrated with them, which makes it harder to monitor …

Winlogbeat and Sysmon setup: integration with ELK

This post is all about Windows logging, with Winlogbeat and Sysmon in place to collect all the important logs possible. Without getting into the details of installing the ELK stack, I will get started with the installation of the services and the configuration of the server to process those logs. Here is the link to the installation script for …

Install MozDef on Ubuntu

Open-source SIEM has its own place in the SOC world. Even commercial SIEMs use open-source components like Elasticsearch, Kibana, and Logstash. Some of the popular open-source SIEMs include OSSIM, the ELK stack, OSSEC, Wazuh, Apache Metron, and MozDef by Mozilla. The reason behind writing this post is to help with the installation process of MozDef. …