Scaling Enterprise Forensic Timelining
In July, Eric & Whitney gave a talk titled "Breaches Be Crazy" at the SANS DFIR Summit outlining...
Threat Hunting - A Critical Component of High Performing SOCs
Whether your cybersecurity detection and response capabilities are in-house or managed through a...
Detecting Threats with Graylog Pipelines - Part 3
Now that we've normalized and enriched our events, let's get into the actual threat detection logic...
Detecting Threats with Graylog Pipelines - Part 2
In my previous post, I explained the fundamental purpose and use cases of pipelines in Graylog –...
Detecting Threats with Graylog Pipelines - Part 1
If you are here hoping to learn more about using Graylog for the purpose of monitoring the security...
A SecDevOps Perspective on SUNBURST
Much has already been said about the recently reported SolarWinds compromise. In this post, we are...
Securing Your Velociraptor Deployment
Our team are huge fans of Velociraptor. It's an incredibly powerful tool, for both DFIR and...
Graylog and Cylance Protect Integration
TL;DR - we needed to ingest multiple sources of Cylance logs into Graylog, and this is how we did...
Brokering Other Cloud Resources Behind AWS Services
I tweeted this the other day, and had a lot of folks reach out asking for more details/a diagram of...
Slacking at Security Operations
Running a Security Operations Center requires fighting a constant battle to increase analyst...