How to Integrate ELK Stack with TheHive

In this tutorial, we are going to learn how to integrate ELK stack with TheHive. ELK Stack can be configured to send event alerts to TheHive case management system. This enables security personnel to create, investigate and follow up on various incidents or cases. How to Integrate ELK Stack with TheHive In order to integrate ELK stack with TheHive, proceed as...

Install TheHive on Ubuntu 22.04/Ubuntu 20.04

Follow through this tutorial to learn how to install TheHive on Ubuntu 22.04/Ubuntu 20.04 server. TheHive, according to their documentation page, is a scalable, open source and free Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. Install...

Delete Specific Records from Elasticsearch Index

This is a simple tutorial on how to search for and delete specific records from an Elasticsearch index. Elasticsearch ships with a delete_by_query API that enables you to search an Elasticsearch index for records that match a specified query and delete them. So, how can you use the delete_by_query API to search for and delete specific records from an Elasticsearch index? Delete Specific Records from Elasticsearch...

Create Custom ELK Ingest Pipeline for Custom Log Processing

Follow through this tutorial to learn how to create a custom ELK ingest pipeline for custom log processing. Elastic Stack is so flexible that it gives you the ability to create your own custom pipeline processors to parse your custom logs. Elastic ingest pipelines "let you perform common transformations on your data before indexing. For example, you can use pipelines to...

Enroll Windows Systems into Osquery Fleet Manager

Welcome to our guide on how to enroll Windows systems into Osquery Fleet Manager. "Fleet is the most widely used open source osquery manager. Deploying osquery with Fleet enables programmable live queries, streaming logs, and effective management of osquery across 50,000+ servers, containers, and laptops. It's especially useful for talking to multiple devices at the same time." Enroll Windows Systems into...

Install Fleet Osquery Manager on Oracle Linux

Follow through this tutorial to learn how to install Fleet osquery manager on Oracle Linux. "Fleet is the most widely used open source osquery manager. Deploying osquery with Fleet enables programmable live queries, streaming logs, and effective management of osquery across 50,000+ servers, containers, and laptops. It's especially useful for talking to multiple devices at the same time." If you...

Install Fleet Osquery Manager on Rocky Linux

In this tutorial, you will learn how to install Fleet osquery manager on Rocky Linux. According to its Github repository, "Fleet is the most widely used open source osquery manager. Deploying osquery with Fleet enables programmable live queries, streaming logs, and effective management of osquery across 50,000+ servers, containers, and laptops. It's especially useful for talking to multiple devices...

Install and Setup Security Onion on VirtualBox

In this tutorial, you will learn how to install and set up Security Onion on VirtualBox. According to the Security Onion page, "Security Onion is a free and open Linux distribution for threat hunting, enterprise security monitoring, and log management. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes! It includes a...

Send Alert When ClamAV Finds Infected Files on Linux Systems

In this tutorial, you will learn how to send an alert when ClamAV finds infected files on Linux systems. ClamAV is an open source antivirus engine for detecting trojans, viruses, malware and other malicious threats. It is a good idea to send alerts whenever a malicious file is detected on the system. This enables you to take action, such as analyzing the files...

Visualize ClamAV Scan Logs on ELK Stack Kibana

In this tutorial, you will learn how to visualize ClamAV scan logs on ELK stack Kibana. ClamAV is an open source antivirus engine for detecting trojans, viruses, malware and other malicious threats. ELK, on the other hand, is a combination of open source tools that can be used to collect, parse and visualize various system logs. Visualize ClamAV Scan Logs on ELK...