Monitoring

Cybercrime is on the rise, and those numbers are scary. Every day, we lose more than 800,000 records. Nobody is immune; this includes individuals, entrepreneurs, and multinational enterprises. The danger is growing as more and more individuals move their daily lives online. Unfortunately, as technology develops, so do cybercriminals' capabilities, allowing them to conduct more complex and damaging attacks. In the...

In this tutorial, you will learn how an easy way to integrate TheHive with Cortex. TheHive, an open source and free Security Incident Response Platform, can be integrated with Cortex, to automate the analysis of observables such as IP and email addresses, URLs, domain names, files or hashes etc. Easy way to Integrate TheHive with Cortex To integrate TheHive with Cortex; Install...

Follow through this tutorial to learn how to enable and configure Cortex Analyzers. Cortex is an opensource software created by TheHive that can be used by IT security personnel to manually or automatically (through Cortex REST APIs) analyze event/incident observables and IOCs such as IP addresses, file, hashes, domain names, URLs, email addresses e.t.c. Analyzers allow analysts and security...

In this tutorial, you will learn how to install Cortex on Ubuntu 22.04/Ubuntu 20.04. Cortex is a powerful observable analysis and active response engine that can be used by SOC analysts or any IT security personnel to analyze collected event/incident observables at scale by by querying a single tool instead of multiple tools, actively respond to threats and interact with...

Follow through this tutorial to learn how to integrate TheHive with MISP. TheHive, a Security Incident Response Platform (SIRP) can be integrated with MISP, (Malware Information Sharing Platform) to make the investigation of any security incidents easy for SOC analysts, CSIRTs or CERTs. How to Integrate TheHive with MISP To integrate TheHive with MISP, you can deploy each of these components...

In this tutorial, you will learn how to install MISP on Ubuntu 22.04/Ubuntu 20.04. MISP, an acronym for Malware Information Sharing Platform, is an open source threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. Install MISP on Ubuntu 22.04/Ubuntu 20.04 To install MISP on...

In this tutorial, we are going to learn how to integrate ELK stack with TheHive. ELK Stack can be configured to sent event alerts to TheHive case management system. This enables security personnel to create, investigate and follow up on various incidents or cases. How to Integrate ELK Stack with TheHive In order to integrate ELK stack with TheHive, proceed as...

Follow through this tutorial to learn how to install TheHive on Ubuntu 22.04/Ubuntu 20.04 server. TheHive, according to their documentation page, is a scalable, open source and free Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. Install...

This is a simple tutorial on how to search and delete specific records from Elasticsearch index. Elasticsearch ships with a delete_by_query API that enables you to search Elasticsearch index for records that matches a specified query and delete them. So, how can you use delete_by_query API to search and delete specific records from Elasticsearch index? Delete Specific Records from Elasticsearch...

Follow through this tutorial to learn how create custom ELK ingest pipeline for custom log processing. Elastic Stack is so flexible that it can give you ability to create your own custom pipeline processors to parse your custom logs. Elastic ingest pipelines "let you perform common transformations on your data before indexing. For example, you can use pipelines to...