We can't start a recap post without a huge THANK YOU to the community for joining us last week and making SOC X such a success!
SOC X 2021 - A Recap
Mar 8, 2021 2:08:00 PM / by Kelley Wilds posted in SOC X, Security, SOC, InfoSec, OpenSOC, Events, NDR, Defense
Detecting Threats with Graylog Pipelines - Part 3
Jan 15, 2021 2:14:00 PM / by Eric Capuano posted in Incident Response, Operations, SecOps, Security, SOC, InfoSec, Threat Hunting, Monitoring, Graylog
Now that we've normalized and enriched our events, let's get into the actual threat detection logic that brings SIEM-like features to open source Graylog.
Detecting Threats with Graylog Pipelines - Part 2
Jan 4, 2021 5:01:00 PM / by Eric Capuano posted in Operations, SecOps, Security, SOC, InfoSec, Monitoring, Graylog, Logging
In my previous post, I explained the fundamental purpose and use cases of pipelines in Graylog – now let's move towards some more advanced topics.
Detecting Threats with Graylog Pipelines - Part 1
Dec 31, 2020 5:16:00 PM / by Eric Capuano posted in Operations, SecOps, Security, SOC, InfoSec, Monitoring, Graylog, Logging
If you are here hoping to learn more about using Graylog for the purpose of monitoring the security posture of your organization, strap in – it's about to get real.
Endpoint Logging For The Win!
Nov 3, 2020 10:32:00 AM / by Samuel Kimmons posted in DFIR, Forensics, SecOps, Security, InfoSec, Defense, Logging
Whether you're on the Defensive or Offensive side of security, it's important to understand how common attack tools look in an environment. As someone defending a network, the use of proper logging can help prevent visibility gaps. You could have the best perimeter detections that are available, but without visibility into the activity on your endpoints, you're essentially missing a piece of the puzzle.
Recon Launches SOC X
Oct 20, 2020 10:35:00 AM / by Kelley Wilds posted in DFIR, Incident Response, Forensics, SecOps, Security, InfoSec, Training, Threat Hunting, NDR
The Recon team is excited to announce the launch of SOC X™, the Professional SOC Team World Championship! The inaugural event will be on March 4, 2021.
Recon Launches Network Defense Range (NDR) Live Online
Oct 6, 2020 10:40:00 AM / by Kelley Wilds posted in DFIR, Incident Response, Forensics, SecOps, Security, InfoSec, Training, Threat Hunting, NDR, BlackHat
The Recon team is thrilled to announce our newest offering, NDR Live Online!
Securing Your Velociraptor Deployment
Sep 23, 2020 10:51:00 AM / by Whitney Champion posted in DFIR, Velociraptor, Incident Response, Forensics, Operations, SecOps, Security, InfoSec, Threat Hunting, DevOps, AWS, Cognito, Identity Aware Proxy
Our team are huge fans of Velociraptor. It's an incredibly powerful tool, for both DFIR and endpoint management. It currently supports Windows, Linux, and Mac endpoints, and BONUS: it's open source!
Automating Detection Coverage Analysis with ATT&CK Navigator
Feb 13, 2020 1:52:00 PM / by Brian Greunke posted in Automation, DFIR, SecOps, Security, Threat Hunting, Defense, Graylog, Continuous Integration, MITRE ATT&CK
Staying on-top of the latest adversarial methodologies means quickly adjusting to new TTPs and requires a thorough and constant understanding of your own detection capabilities. Given a rapidly changing, dynamic environment, this level of attention can't be a manual process, it requires the magic of automation.
Integrating Graylog With TheHive
Jan 31, 2020 2:11:00 PM / by Whitney Champion posted in Automation, DFIR, Incident Response, SecOps, Security, Defense, Python, Graylog, DevOps, TheHive, Cortex, API
If you couldn't tell by now, we love Graylog. We may have mentioned them a time or two :)