Category: SIEM

Categories: SIEM

Zero Trust, The Model We Need

During the pandemic, more of our daily work moved onto the Internet, and money now flows through online systems. Treating this as an opportunity, cyber threat actors continuously carry out attacks that are more complex, harder to detect, and that cause large financial and reputational losses. We are getting the …

Categories: Detection, SIEM

How to Create Alert for SIEM?

We have collected, processed and stored logs up to this point. Now we need to detect abnormal behavior in that data and generate alerts. If you have not read the earlier posts, you can find them here: How to Collect Log for SIEM? and SIEM Log Aggregation and Parsing. You can find some alerts and try …

Categories: SIEM

SIEM Log Aggregation and Parsing

The first place the generated logs are sent is the log aggregator. We can edit the logs arriving here before forwarding them to their destination. For example, if we only want the status codes from a web server's logs, we can filter the incoming logs and send only the desired fields to …
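The filtering step described above, as an added example that is not part of the original post: a small parser for the Apache/nginx "combined" log format that drops lines it cannot parse and keeps only the fields the aggregator is supposed to forward (timestamp, client and status code by default). The log lines are constructed for the example, and the field names are my own choice.

```python
import re
from collections import Counter

# Constructed sample lines in the Apache/nginx "combined" log format (not real traffic).
# The last line is deliberately malformed to show that the parser skips it.
SAMPLE_LOGS = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /admin HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:55:40 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.1.2"
198.51.100.4 - - [10/Oct/2023:13:55:41 +0000] "GET /missing HTTP/1.1" 404 153 "-" "curl/8.1.2"
this line is not a web server log and must be skipped
"""

# One regex for the whole combined format; every field gets a named group.
COMBINED_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def parse_combined(line):
    """Return a dict of fields for one combined-format line, or None if it does not parse."""
    m = COMBINED_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Apache writes "-" when no body was sent; normalise to 0 so consumers see an integer.
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec


def reduce_records(lines, keep=("time", "client", "status")):
    """Parse each line and keep only the fields listed in `keep`; unparseable lines are dropped."""
    out = []
    for line in lines:
        rec = parse_combined(line)
        if rec is None:
            continue
        out.append({k: rec[k] for k in keep})
    return out


def status_histogram(lines):
    """Count status codes across all parseable lines, a typical aggregator-side summary."""
    return Counter(r["status"] for r in reduce_records(lines))


if __name__ == "__main__":
    for rec in reduce_records(SAMPLE_LOGS.splitlines()):
        print(rec)
    print(dict(status_histogram(SAMPLE_LOGS.splitlines())))
```

Note that the parser anchors the whole line; a partially matching line (for instance a truncated record) is dropped rather than forwarded with wrong fields, which is what you want before the data reaches the SIEM.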

Categories: Detection, SIEM

Process Injection Detection with Sysmon

In this article we explain what the process injection technique is and how it can be detected with Sysmon. What is Process Injection? Put simply, one process running code in the address space of another process is called process injection. Attackers and malware often make use of the process injection technique. Thanks …
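As an added example, not code from the original post: detection logic over Sysmon events for the two event types most directly tied to process injection, Event ID 8 (CreateRemoteThread) and Event ID 10 (ProcessAccess). The events are constructed, the allowlist of benign source images is an assumption to be tuned per environment, and the rule names are my own.

```python
# Access-right bits that Windows uses in OpenProcess; Sysmon logs the mask in
# the GrantedAccess field as a hex string such as "0x1F0FFF".
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
# Writing into another process and starting a thread there is the classic injection primitive.
INJECT_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE  # 0x2A

# Assumed allowlist of images that legitimately create threads in or open other processes.
BENIGN_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\services.exe",
}

# Constructed Sysmon events (field names follow Sysmon's schema; values are invented).
SAMPLE_EVENTS = [
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "StartAddress": "0x00007FFD2C8A1A40",
     "StartModule": r"C:\Windows\System32\ntdll.dll", "StartFunction": "RtlUserThreadStart"},
    {"EventID": 8, "SourceImage": r"C:\Users\bob\AppData\Local\Temp\update.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "StartAddress": "0x000001E4B3C20000",
     "StartModule": "", "StartFunction": ""},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},
    {"EventID": 10, "SourceImage": r"C:\Users\bob\Downloads\tool.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1F0FFF"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
]


def detect_event(event):
    """Return an alert dict for one Sysmon event, or None if it looks benign."""
    eid = event.get("EventID")
    src = event.get("SourceImage", "").lower()
    if eid == 8:
        # CreateRemoteThread: Sysmon only logs this when the thread is created in another process.
        if src in BENIGN_SOURCES:
            return None
        reason = "CreateRemoteThread from a non-allowlisted source image"
        # An empty StartModule means the thread start address is not inside any loaded
        # module, i.e. it points at memory the injector wrote itself.
        if not event.get("StartModule"):
            reason += "; start address not backed by a loaded module (unbacked memory)"
        return {"rule": "sysmon8_remote_thread", "severity": "high",
                "source": event["SourceImage"], "target": event["TargetImage"], "reason": reason}
    if eid == 10:
        # ProcessAccess: look at the requested rights, not just at who opened whom.
        access = int(event.get("GrantedAccess", "0x0"), 16)
        if src not in BENIGN_SOURCES and access & INJECT_MASK == INJECT_MASK:
            return {"rule": "sysmon10_injection_handle", "severity": "medium",
                    "source": event["SourceImage"], "target": event["TargetImage"],
                    "reason": f"handle with VM_WRITE|VM_OPERATION|CREATE_THREAD (0x{access:X})"}
    return None


def run_detection(events):
    """Apply detect_event to a stream of events and collect the alerts."""
    return [a for a in (detect_event(e) for e in events) if a is not None]


if __name__ == "__main__":
    for alert in run_detection(SAMPLE_EVENTS):
        print(alert)
```

The Event ID 10 rule on its own is noisy (debuggers, AV engines and some installers request these rights), so in practice it is paired with a source-image allowlist or with a target filter such as lsass.exe; the Event ID 8 rule with an empty StartModule is the higher-confidence signal.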

Categories: Detection, SIEM

How to Create Incident Response Plan?

What is incident response? Incident response is an approach to managing a security incident from detection to closure. An incident response plan is needed to handle security incidents systematically. A successful incident response plan includes the following 6 stages: 1- Preparation 2- Identification 3- Containment 4- Eradication 5- Recovery 6- Lessons Learned. If you want to practice …

Categories: SIEM

How to Collect Log for SIEM?

A basic log entry contains a timestamp, the source system and a message. For example, when we look at the content of the "/var/log/auth.log" file on an Ubuntu server, we can see the time, source and message fields. Logs are generally collected in the following 2 ways: with log agents, or agentless. We created an online lab for …

Categories: SIEM

Build Your Own Simple Data Collection Tool From Endpoint

After a cyber incident, data must be collected to investigate it and to preserve evidence. Collecting data is a sensitive process: it must not crash the target or corrupt data, so we need to make minimal changes to the target system while collecting. It is necessary to automate the collection process to avoid situations like data …