This post might be a little different, it little is on the nonethical side. But I am writing it with curiosity. I am sure many of you many know about it. Let’s start with this thing. Recently I have been working on a project to transfer my current website to the cloud will messing around … Read more
Multi-factor authentication has been one of the incredible things that security people love. An extra layer of protection that authorized person has, have or are. Now let’s get straight to the point on configuring two-factor authentication on CentOS 7. Let’s first install the additional repository called epel Now let’s install google-authenticator Once installed type following … Read more
Opensource siem has its own place in the SOC world. Even commercial siem uses Opensource components like elasticsearch, kibana, and logstash. Some of the popular opensource SIEM include OSSIM, The ELK stack, OSSEC, Wazuh, Apache Metron and MozDef by Mozilla. The reason behind writing this post is to help with the installation process of MozDef. … Read more
One of the important things to maintain during any kind of incident is communication. Without it, the companies get to fall apart due to miscommunication which happens with a lack of communication. As seen during any kind of incident, there is an environment of chaos in which people don’t know what to do, even if … Read more
This script is only tested in centos. Tweak the script as you like. Please change the version link with a new one. Logstash:- Link Elasticsearch:- Link Kibana:- Link Credit: https://gist.github.com/kydouglas/1f68d69e856fd6d7dc223f8e1f5ae3b3
On my previous projects, I used the default installation settings for centos. But after some heavy usage getting logs from all networking devices. / directory started getting full and that struck the realization to resize the /home directory to get more space. (Dumb random command: df -h). Before starting, the mount point name would be … Read more
Monitoring logs is an important part of active defense. With that being said OSSEC is an industry-standard for HIDS, as being used by many popular commercial tools like Alienvault OSSIM and USM. Searching through the internet you will find official OSSEC web interface. But it cannot be of much use if you are looking forward … Read more
Collection of logs is an important task if your company works with some kind of user data on-premise. And logging and monitoring of networking devices are also important. In this article, I will show how to set up Syslog on Meraki and using syslog-ng to receive those logs on to your logging server. First, let’s … Read more
