Scaling Enterprise Forensic Timelining

Oct 6, 2021 2:29:00 PM / by Eric Capuano posted in Automation, DFIR, Velociraptor, Incident Response, Forensics, Operations, SecOps, Security, SOC, Open Source

In July, Eric & Whitney gave a talk titled "Breaches Be Crazy" at the SANS DFIR Summit outlining Recon's approach to scaling enterprise forensic timelining.


SOC X 2021 - A Recap

Mar 8, 2021 2:08:00 PM / by Kelley Wilds posted in SOC X, Security, SOC, InfoSec, OpenSOC, Events, NDR, Defense

We can't start a recap post without a huge THANK YOU to the community for joining us last week and making SOC X such a success!


Detecting Threats with Graylog Pipelines - Part 3

Jan 15, 2021 2:14:00 PM / by Eric Capuano posted in Incident Response, Operations, SecOps, Security, SOC, InfoSec, Threat Hunting, Monitoring, Graylog

Now that we've normalized and enriched our events, let's get into the actual threat detection logic that brings SIEM-like features to open source Graylog.


Detecting Threats with Graylog Pipelines - Part 2

Jan 4, 2021 5:01:00 PM / by Eric Capuano posted in Operations, SecOps, Security, SOC, InfoSec, Monitoring, Graylog, Logging

In my previous post, I explained the fundamental purpose and use cases of pipelines in Graylog – now let's move towards some more advanced topics.


Detecting Threats with Graylog Pipelines - Part 1

Dec 31, 2020 5:16:00 PM / by Eric Capuano posted in Operations, SecOps, Security, SOC, InfoSec, Monitoring, Graylog, Logging

If you are here hoping to learn more about using Graylog for the purpose of monitoring the security posture of your organization, strap in – it's about to get real.
