With the pandemic period, the importance of carrying out daily work over the Internet increases and money flow is now through virtual systems. Considering this situation as an opportunity, cyber threat actors are constantly carrying out cyber attacks that are more complex, harder to detect and resulting in large financial/reputation losses. We are getting theRead More
We have collected, processed and stored logs up to this point. Now, we need to detect abnormal behavior using the data we have and generate alerts. If you did not read old posts, you can check it: How to Collect Log for SIEM? SIEM Log Aggregation and Parsing You can find some alerts and tryRead More
The first place where the generated logs are sent is the log aggregator. We can edit the logs coming here before sending them to the destination. For example, if we want to get only status codes from a web server logs, we can filter among the incoming logs and send only the desired parts toRead More
In this article, we will explain what the process injection technique is and how it can be detected with Sysmon. What is Process Injection? To put it simply, a process running code in the address space of another process is called process injection. Attackers and malware often make use of the “Process Injection” technique. ThanksRead More
What is incident response? Incident response is an approach to managing a security incident process. An incident response plan is needed to approach security incidents systematically. A successful incident response plan includes the following 6 stages: 1- Preparation 2- Identification 3- Scope 4- Eradication 5- Recovery 6- Lessons Learned If you want to practice eventRead More
Log Collection In this article, basically explained log collection for SIEM. It contains a basic log, time, source system and a message. For example, when we look at the content of the “/var/log/auth.log” file on an Ubuntu server, we can see the source, time and message information. Logs are generally collected in the following 2Read More
After a cyber incident, data must be collected to investigate and protect evidence. Collecting data is sensitive process, should not cause the target to collapse and data corruption. Therefore, We need to make minimum changes on the target system while collecting data. It is necessary to automate the collection process to avoid situations like dataRead More