SIEM Architecture

Detecting discovery commands using MITRE Caldera and Splunk

We are going to review logs in Splunk based on our BAS testing of Discovery techniques from MITRE Caldera. One discovery technique we want to detect is identifying which antivirus software is running on a machine. An attacker can use this information to disable or evade detection by the antivirus. We can review the report…

Ingesting Cribl logs into Amazon S3 bucket

In this blog, we will learn how to send Cribl Edge logs to a data lake. The purpose of doing this is to store logs in a cost-effective, long-term storage solution without having to ingest or retain them in a SIEM. This approach allows for incident response investigations if needed, while avoiding the necessity of…

Ingesting Cribl Edge logs into Splunk HEC

In this blog, we will demonstrate how to send Cribl Edge logs to Splunk using the HTTP Event Collector (HEC). HEC is a Splunk feature that allows you to send data and application events to your Splunk deployment over HTTP or HTTPS protocols using token-based authentication. To start, ensure you have a source ingesting logs…

Cribl Edge to Cribl Stream

I have completed my Cribl user certification and wanted to showcase what I learned through a quick demo. The goal of this assignment was to run Cribl Edge on my local computer using WSL and Cribl Stream on a Virtual Machine in VirtualBox. I then wanted to forward the logs from Cribl Edge to Cribl…