Categories: SIEM

How to Collect Logs for SIEM?

Log Collection: a log contains, at minimum, a timestamp, a source system and a message. For example, when we look at the content of the “/var/log/auth.log” file on an Ubuntu server, we can see the source, time and message information. Logs are generally collected in one of two ways: with log agents, or agentless. We created an online lab for...

Categories: Detection

Resources for Getting Started as a Cyber Security Analyst

We see that the need for SOC analysts is constantly increasing in the growing defensive security industry. The general skills a successful security analyst should have are: NetFlow analysis, threat intelligence, log analysis, network monitoring and network security. We’ve gathered free and paid resources that you can use to improve these skills. If there...

Categories: SIEM

Build Your Own Simple Data Collection Tool for an Endpoint

After a cyber incident, data must be collected to investigate and preserve evidence. Collecting data is a sensitive process: it must not crash the target or corrupt data. Therefore, we need to make minimal changes on the target system while collecting data. It is necessary to automate the collection process to avoid situations like data...

Categories: Attacking, Detection

Attacking SIEM with Fake Logs

To ensure the cyber security of an organization, the logs of the systems it owns must be collected and analyzed, and this must be repeated continuously. To keep the process continuous, monitoring systems can be installed. Knowing what is happening inside the network reduces the attack surface available to attackers. But it...

Categories: Writeup

WriteUp SOC101 – Phishing Mail Detected – EventID 8

First of all, I take a look at the alarms on the Monitoring page and choose one to review. I select the “Phishing mail detected” alarm and press the “+” button to view the details. As seen in the device action section, the mail has reached the end user. I’m starting to investigate by forwarding...

Categories: Detection, Phishing

How to Investigate Phishing Campaigns?

A phishing attack is a type of attack that generally aims to steal users’ personal data by getting them to click malicious links sent via email or run malicious files on their computer. Phishing attacks correspond to the “Delivery” phase in the Cyber Kill Chain model, which was created to analyze cyber attacks. The delivery stage...

Categories: Detection, Python

Reputation Based Detection with Python

The purpose of reputation based detection systems is to detect low-reputation behaviour (opening a low-reputation file, requesting a low-reputation IP address). With such a system, a request to a low-reputation IP address from within the network will be noticed as suspicious. I will show, in basic terms, how to create a reputation based detection system. I’ll use 3rd party resources for...