Year: 2020

Suricata Rule Updates on Corelight

We purchased a Corelight AP3000 recently to run Zeek and Suricata and send these logs to our SIEM. This was my first time running Suricata in my environment and I quickly learned that Suricata is only as good as the rules provided to it. Downloading Suricata Rules To download...

Homebrew Temperature Monitoring

I love technology and I love to homebrew. Recently, I converted our old freezer chest to a keezer to store my homebrew kegs and commercial ones I had bought through local craft brewers. I use an Inkbird temperature controller to maintain the perfect temperature for my kegs and an...

Splunk and Azure AD Sign-Ins

We had a need to ingest Azure AD Sign-Ins to our Splunk environment to identify compromised accounts logging in from geographically improbable locations. We use Office365 for Outlook, OneDrive, SharePoint Online, Teams, etc. All of those resources make that Sign-In information very valuable to collect. We could see the...

CISSP Preparation & Exam

I recently ramped up study for my CISSP and just passed this week! In this post, I wanted to detail the resources I used to prepare for the test. Cybrary I used the Cybrary catalog of online courses as my primary method to prepare for the exam. It was...

Palo Alto VM – Multiple IP Addresses for Public Servers

I struggled to figure out how to add multiple IP addresses on the outside of my Palo Alto VM-Series in AWS. I needed to place each server’s public IP address on the Palo Alto and a lot of the guides I read were assuming you’d just do port-forwarding like...

Modern Honey Network & Raspberry Pi

I attended a talk years ago where Duke University was using a robust network of sensors managed via Modern Honey Network. It motivated me to reuse my old Raspberry Pi as a sensor, alerting if anyone was scanning a network looking for live hosts in the reconnaissance phase....