Discover and read the best of Twitter Threads about #SIEM

Most recents (11)

1/ I am taking a little break but couldn’t resist checking-out my favourite open-source projects for any updates. Doing so, I thought it will be useful to share my top 10 projects that anyone in the #infosec field should know about. Here they are 🧵:
2/ 📊 HELK (buff.ly/3BHn9iR): The Hunting ELK (HELK) project provides an analytics and threat hunting platform for security teams to identify and respond to threats in their environment. Just load your logs and start hunting! #HELK #ThreatHunting Image
3/ 🔍 Sigma(buff.ly/3q12WOC ): Sigma enables infosec peeps to create rules for SIEM systems for detecting and responding to security incidents. It also allows us to share our rules in a non-vendor-specific format! Free detections anyone!?! #Sigma #SIEM
Read 13 tweets
🚨🔍👨‍💻🛡️ I got few questions about what a Detection Engineers does. Daily tasks range from monitoring security systems to designing and developing detection logic? Here are some common tasks that I perform on given day #Cybersecurity #DetectionEngineer #SecurityOperations #SIEM
1️⃣ Building SIEM Architecture

Some detection engineers build SIEM architecture to collect, process, store, analyze, and respond to security-related data from various sources to identify potential security threats and alerts the security team.
2️⃣ Monitoring Security Systems

Detection engineers monitor security systems, review logs/alerts/reports, identify potential threats, and investigate suspicious activities. Essential in security ops.
Read 9 tweets
✨ Free SIEM Trainings ✨

A Thread 🧵 | #infosec #siem
✅General
📎Windows Logging Basics - lnkd.in/grKYFQzJ

📎Jose Bravo - What is a SIEM? (5 Vídeos): lnkd.in/gc2UDpeD

📎PowerSIEM Analyzing Sysmon Events with PowerShell: lnkd.in/g_8Eq8vm
✅AlienVault OSSIM

📎Cybrary - AlienVault OSSIM: lnkd.in/gRZAansT
Read 10 tweets
Building SOC 101:

SOC Tools: Review of the essential security monitoring tools you’ll need for building a Successful SOC.

In this thread, we’ll learn the details of these SOC tools & technologies 🧵

#infosec #cybersecurity #Pentesting #informationsecurity #hacking #CISSP
The essential SOC capabilities include

1.Asset discovery
2.Vulnerability assessment
3.Behavioral monitoring
4.#Intrusion_detection
5.#SIEM
1.Asset Discovery:

- Knowing what’s on your network is the 1st step in protecting what’s on your network.

- You need to know what systems exist –

a.laptops and servers - as well as what’s been installed and running on those systems e.g. apps, services, and active ports.
Read 15 tweets
There’s no more strategic thing than defining where you want to get to and measuring it.

Strategy informs what "great" means, daily habits get you started (and keep you going) and measurements tell you if you’re there or not.

A 🧵 on #SOC strategy / metrics:
Before we hired our first #SOC analyst or triaged our first alert, we defined where we wanted to get to; what great looked like.

Here’s [some] of what we wrote:
We believe that a highly effective SOC:

1. leads with tech; doesn’t solve issues w/ sticky notes
2. automates repetitive tasks
3. responds and contains incidents before damage
4. has a firm handle on capacity v. loading
5. is able to answer, “are we getting better, or worse?”
Read 19 tweets
Awesome tip for using canarytokens.org/generate honeypot traps as a defence mechanism & #SIEM 🤯
1/3

There are three fun techniques for those who are constantly under attack.

One of them is to set up similar honeypots, IP loggers like “grabify dot link” and put a script for notifications.

👇👇👇
2/3

The second is to set up fake wallets, potential targets and name them tempting for the hacker. If you try to steal money from them (the hacker will probably notice them first), you can get a notification from @TenderlyApp or own script via SMS.

👇👇👇
Read 7 tweets
Can we detect ZIP / JScript for initial access on 🪟?

1. Open txt editor
2. var WshShell = new ActiveXObject("Wscript.Shell");

WshShell.Popup("You can configure WSH files to open in Notepad");

WScript.exit;

3. Save as 1.js
4. Double-click
5. Query SIEM / EDR Image
What about #BEC in O365?

1. Create an inbox rule to fwd emails to the RSS Subscriptions folder
2. Query your SIEM
3. How often does this happen?
4. Can you build alert or cadence around inbox rule activity?
What about lateral movement?

1. Open PS
2. wmic /node:localhost process call create "cmd.exe /c notepad"
3. winrs:localhost "cmd.exe /c calc"
4. schtasks /create /tn legit /sc daily /tr c:\users\<user>\appdata\legit.exe
5. Query SIEM / EDR
Read 6 tweets
Hey for all you #infosec friends stuck with #ibm #qradar just like me, just remember it’s still better than having no #siem at all. Here is my contribution to the community, a mega thread of qradar tips to improve your life

#qradartips

0/N
Qradar Tip #1

equals is case sensitive
username equals 'neonprimetime'
will not find 'Neonprimetime'
(notice the capital N)
from the GUI use contains to be case insensitive!

#qradartips 1/N
Qradar Tip #2

avoid using the GUI for filtering
instead teach yourself AQL
use the "Advanced Search" drop down
it's a powerful SQL-like language
that will allow you to performance tune queries
use complex boolean logic
and much more!

ibm.com/support/knowle…

#qradartips 2/N
Read 76 tweets
So, I discovered my presentation on #SIEM from 2012 where I talked about "SIEM trifecta of complexity" which is "complexity of deployment, administration, operation." Guess what? Much of 2020 SIEM has this too....
Specifically: Image
BTW, I found the whole thing, but only look if you promise NOT to laugh: slideshare.net/anton_chuvakin…
Read 3 tweets
Threat Hunting In #CyberSecurity : Waiting for an alert can be too dangerous.
Threat hunting means to proactively search for malware or attackers that are hiding in your network — and may have been there for some time.
Most time, the goals of these malware or attackers can be to quietly siphoning off data, patiently listening in for confidential information, or working their way through the network looking for credentials powerful enough to steal key information.
Read 19 tweets
I've got a story to share. Not as exciting as the exploits of @TinkerSec, @HydeNS33k, or @_sn0ww, but a story nonetheless. #DFIR & #BlueTeam in nature. 1/
I worked for a service provider back in the day. And we provided email accounts to customers. 2/
This was back when most places would slap #SquirrelMail or #Horde on top of a #dovecot server. 3/
Read 13 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!