Recon InfoSec

Detecting Threats with Graylog Pipelines - Part 3

Eric Capuano on graylog, incident response, secops, security, soc, infosec, monitoring, operations, threat hunting | 15 Jan 2021

Leverage Graylog to detect threats within your environment.…

Detecting Threats with Graylog Pipelines - Part 2

Eric Capuano on graylog, infosec, logging, operations, secops, security, soc, monitoring | 04 Jan 2021

In my previous post, I explained the fundamental purpose and use cases of pipelines in Graylog – now let's move towards some more advanced topics. Now that you have normalized your data in an early stage pipeline, you can craft enrichment pipelines that can now expect predictable field names for standard…

Detecting Threats with Graylog Pipelines - Part 1

Eric Capuano on graylog, infosec, logging, operations, secops, security, soc, monitoring | 31 Dec 2020

If you are here hoping to learn more about using Graylog for the purpose of monitoring the security posture of your organization, strap in – it's about to get real. In this series of posts, I will share how we have historically leveraged Graylog's Pipeline capability to implement various threat detection…

The Training Secrets of Great Security Operations Teams

Brian Greunke, Bob Drobish on infosec, ndr, secops, training | 22 Dec 2020

We have completed thousands of hours training teams and the primary factor which distinguishes good teams from great teams is how they train.…

A SecDevOps Perspective on SUNBURST

Brian Greunke on continuous integration, devops, exploit, operations | 16 Dec 2020

A discussion on some of the underlying software and development processes that are reported to have been involved in the initial compromise in the SUNBURST attack.…

Endpoint Logging For The Win!

Samuel Kimmons on logging, security, infosec, dfir, defense, secops, forensics | 03 Nov 2020

Whether you're on the Defensive or Offensive side of security, it's important to understand how common attack tools look in an environment. As someone defending a network, the use of proper logging can help prevent visibility gaps. You could have the best perimeter detections that are available, but without visibility…

Recon Launches SOC X

Kelley Wilds on infosec, ndr, training, dfir, incident response, secops, security, threat hunting, forensics | 20 Oct 2020

The Recon team is excited to announce the launch of SOC X, the Professional SOC Team World Championship! The inaugural event will be on March 4, 2021.…

Recon Launches Network Defense Range (NDR) Live Online

Kelley Wilds on blackhat, ndr, threat hunting, training, dfir, forensics, incident response, infosec, secops, security | 06 Oct 2020

The Recon team is thrilled to announce our newest offering, NDR Live Online! NDR Live Online gives organizations the opportunity to develop individual analysts and teams with remotely-delivered, live-fire, scenario-based, experiential training throughout the year.…

Securing Your Velociraptor Deployment

Whitney Champion on aws, cognito, devops, forensics, dfir, identity aware proxy, infosec, incident response, operations, secops, security, threat hunting, velociraptor | 23 Sep 2020

Our team are huge fans of Velociraptor. It's an incredibly powerful tool, for both DFIR and endpoint management. It currently supports Windows, Linux, and Mac endpoints, and BONUS: it's open source! We use it extensively, and we have also embedded it into our NDR Training! If you are unfamiliar: Source:…

Mapping Adversary Emulation Plans

Brian Greunke on automation, defense, MITRE ATT&CK, ndr, threat hunting | 18 Sep 2020

Create a MITRE ATT&CK Navigator Map of an Adversary Emulation Plan…