Security Misconfigurations: A Deep Dive

Managing configurations in a complex environment can be like playing a game of digital Jenga. Turning off one port to protect an application can undermine the service of a connected device. Writing an overly conservative firewall configuration can prevent remote workforce members from accessing an application that’s critical to getting their work done. In the […]
Graylog Parsing Rules and AI Oh My!

In the log aggregation game, the biggest difficulty you face can be setting up parsing rules for your logs. To qualify this statement: simply getting log files into Graylog is easy. Graylog also has out-of-the-box parsing of a wide variety of common log sources, so if your logs fall into one of the many categories of […]
Announcing Graylog 6.1.7

Announcing Graylog 6.1.7 This is a bug-fix release that improves Graylog’s functionality. Please read on for information on what has changed. Download Links DEB and RPM packages are available in our repositories Docker Compose Container images: Graylog Open Graylog Enterprise Graylog Data Node Tarballs for manual installation: Graylog Server Graylog Server (bundled JVM, linux-x64) Graylog […]
Announcing Graylog V6.0.12

Announcing Graylog 6.0.12 This is a bug-fix release that improves Graylog’s functionality. Please read on for information on what has changed. Download Links DEB and RPM packages are available in our repositories Docker Compose Container images: Graylog Open Graylog Enterprise Graylog Data Node Tarballs for manual installation: Graylog Server Graylog Server (bundled JVM, linux-x64) […]
The Ultimate Guide to Sigma Rules

In cybersecurity as in sports, teamwork makes the dream work. In a world where security analysts can feel constantly bombarded by threat actors, banding together to share information and strategies is increasingly important. Over the last few years, security operations center (SOC) analysts started sharing open source Sigma rules to create and share detections that […]
Using MITRE ATT&CK for Incident Response Playbooks

A structured approach to incident response enables you to create consistently repeatable processes. Your incident response playbook defines responsibilities and guides your security team through a list of activities to reduce uncertainty if or when an incident occurs. MITRE ATT&CK Framework outlines the tactics and techniques that threat actors use during different stages of an […]
Adversary Tradecraft: A Deep Dive into RID Hijacking and Hidden Users

Researchers at AhnLab Security Intelligence Center (ASEC) recently published a report on the Andariel threat group, a DPRK state-sponsored APT active for over a decade, that has been leveraging RID hijacking and user account concealment techniques in its operations to stealthily maintain privileged access to compromised Windows systems. This blog post explores hands-on how […]
DNS Security Best Practices for Logging

Your Domain Name System (DNS) infrastructure enables users to connect to web-based resources by translating everyday language into IP addresses. Imagine going into a restaurant, in the age before the internet, only to find that the staff speaks and the menu is written in a different language from yours. Without some shared communication form, you […]
Load Balancing Graylog with NGINX: Ultimate Guide

In cybersecurity, “Load Balancing Graylog with Nginx: The Ultimate Guide” is your reference guide. This guide helps you install Nginx. Imagine your Graylog, already proficient at managing vast log data, now enhanced with the Nginx load balancing capability to ensure peak performance. NGINX ensures your Graylog cluster isn’t over-taxed, similar to a well-organized team where […]
Telemetry: What It Is and How it Enables Security

If you have ever built a LEGO set, then you have a general idea of how telemetry works. Telemetry starts with individual data points, just like your LEGO build starts with a box of bricks. In complex IT environments, your security telemetry is spread across different technologies and monitoring tools, just like in a large […]
The Why and What of AWS Lambda Monitoring

Serverless architectures are the rental tux of computing. If you’re using AWS to manage and scale your underlying infrastructure, you’re renting compute time or storage space. Your Lambda functions are the tie or cummerbund you purchase to customize your rental. Using the AWS event-driven architecture improves business agility, allowing you to move quickly. Lambda […]
Understanding Ubuntu Logs

Linux, Debian, and Ubuntu are the Kirk, Spock, and McCoy of modern application development. The Captain Kirk, Linux, is the open-source central code for directing and talking to hardware. Debian sits as the trio’s Spock, the original distro that can be seen as more complex to install and use. As a Debian child distro, Ubuntu […]