Recon InfoSec | Operations

Scaling Enterprise Forensic Timelining

${{ picture_of_text }} {{ content.blog_author.display_name }}$

Eric Capuano

In July, Eric & Whitney gave a talk titled "Breaches Be Crazy" at the SANS DFIR Summit outlining...

${{ picture_of_text }} {{ content.blog_author.display_name }}$

Andrew Cook

Whether your cybersecurity detection and response capabilities are in-house or managed through a...

${{ picture_of_text }} {{ content.blog_author.display_name }}$

Eric Capuano

Now that we've normalized and enriched our events, let's get into the actual threat detection logic...

${{ picture_of_text }} {{ content.blog_author.display_name }}$

Eric Capuano

In my previous post, I explained the fundamental purpose and use cases of pipelines in Graylog –...

${{ picture_of_text }} {{ content.blog_author.display_name }}$

Eric Capuano

If you are here hoping to learn more about using Graylog for the purpose of monitoring the security...

${{ picture_of_text }} {{ content.blog_author.display_name }}$

Brian Greunke

Much has already been said about the recently reported SolarWinds compromise. In this post, we are...

${{ picture_of_text }} {{ content.blog_author.display_name }}$

Whitney Champion

Our team are huge fans of Velociraptor. It's an incredibly powerful tool, for both DFIR and...

${{ picture_of_text }} {{ content.blog_author.display_name }}$

Whitney Champion

TL;DR - we needed to ingest multiple sources of Cylance logs into Graylog, and this is how we did...

${{ picture_of_text }} {{ content.blog_author.display_name }}$

Whitney Champion

I tweeted this the other day, and had a lot of folks reach out asking for more details/a diagram of...

${{ picture_of_text }} {{ content.blog_author.display_name }}$

Eric Capuano

Running a Security Operations Center requires fighting a constant battle to increase analyst...