Upgrading Wazuh to Version 4.8.0.
A Step-by-Step Guide.
The SOCFortress service portal is built on the visualization tool Grafana. After logging in to the service portal with your credentials, a landing page loads with metrics and event summaries. From there you can review monitoring metrics, infrastructure logs, security events, and more.
Quick access to high-severity events collected from your endpoints and to the latest events gathered by our threat intel.
Security events include MITRE ATT&CK TTP information for better insight.
SOCFortress EDR covers prevention, detection and response, from the basics of Windows Event Logs to a full range of endpoint telemetry and anomaly detection.
Effective security analysis requires log collection from all available sources in your environment. SOCFortress can collect logs from different network and security devices to obtain a complete view of, and insights into, your entire IT infrastructure.
Integrating Duo MFA Authentication Logs with Your SIEM Stack Using Copilot.
Malicious macros detection in MS-Office files using “olevba”.
Simplify Cloud Security: ScoutSuite and CoPilot.
Analyzing Processes in Wazuh Alerts with Advanced Risk Scoring from Global Data Using CoPilot.
How to Ingest Crowdstrike Events into an Open Source SIEM Stack Easily Using Copilot.
Mastering Wazuh’s Active Response: Block Malicious IPs with CoPilot & Wazuh!.
Supercharge Your SIEM Stack: Auto-Enrich Wazuh Events with SOCFortress Threat Intelligence.
Wazuh Rule Writing With CoPilot AI Module.
SOCFortress Integrations — Trend Micro Deep Security.
SOCFortress Integrations — Ubiquiti Networks.
SOCFortress Integrations — Carbon Black EPP.
SOCFortress Integrations — CheckPoint Harmony.
Wazuh Content Pack For Graylog — Easily Configure Your SOCFortress SIEM Stack
SOCFortress Integrations — Cylance EndPoint Protection.
SOCFortress Integrations — Huntress Labs.
CoPilot Install — Updated
SOCFortress Integrations — ESET EndPoint Protection.
CoPilot — Your Next Open Source Security Tool.
SOCFortress Integrations — Fortinet Secure Web Proxy (FortiProxy).
SOCFortress Integrations — Google Workspace.
SOCFortress Integrations — Cato Networks SDWAN.
SOCFortress Integrations — Cisco Umbrella (Virtual Appliance).
SOCFortress Integrations — McAfee Secure Web Gateway (SWG).
SOCFortress Integrations — PioLink WEBFRONT-K (Web Application and API Protection).
SOCFortress Integrations — Oracle Cloud Infrastructure (OCI).
SOCFortress Integrations — Nozomi Networks (OT).
SOCFortress Integrations — IronScales Email Security.
SOCFortress Integrations — Cynet EndPoint Protection.
SOCFortress Integrations — Akamai Web Application Firewall (WAF).
Executable files analysis and capabilities detection using capa (Mandiant).
SOCFortress Integrations — Trellix Email Security (Cloud).
SOCFortress Integrations — Mimecast Email Security (Cloud).
SOCFortress Integrations — Controlled Unclassified Information (CUI) Security Controls.
SOCFortress Integrations — Duo Security.
SOCFortress Integrations — Cisco Secure EndPoint.
SOCFortress Integrations — SentinelOne EndPoint Protection.
SOCFortress Integrations — TrendMicro EndPoint Protection.
SOCFortress Integrations — McAfee EndPoint Protection.
SOCFortress Integrations — BitDefender EndPoint Protection.
SOCFortress Integrations — CrowdStrike EndPoint Protection.
SOCFortress Integrations — FortiGate BlockList, File Hashes.
SOCFortress Integrations — CloudFlare.
SOCFortress Integrations — Vulnerability Management using the Exploit Prediction Scoring System (EPSS).
SOCFortress Integrations — Kaspersky EndPoint Protection.
SOCFortress Integrations — Advanced Traffic Flow Analysis using Zeek.
Enhancing Cybersecurity with Free Open Source Tools.
Maximizing Threat Detection and Response with Cortex.
Boost Your MSP to MSSP.
Your Open-Source Incident Response Platform.
Part 12. SIGMA rules for the OpenSource SIEM.
Detect Malicious File Uploads With Wazuh and Yara.
World’s Best FREE SIEM Stack Series Compilation.
Part 11. Wazuh Events and MISP Automation.
Detecting Abnormal Network Ports With Wazuh.
Part 10. MISP Threat Intel.
Part 9. Log Normalization.
Part 8. Firewall Threat Intel With GreyNoise.
Part 7. Firewall Log Collection Made Easy.
Part 6. Best Open Source SIEM Dashboards.
Part 5. Intelligent SIEM Logging.
Part 4. Wazuh Agent Install — Endpoint Monitoring.
Part 3. Wazuh Manager Install — Log Analysis.
Part 2. Graylog Install — Log Ingestion.
Part 1. Wazuh Indexer — SIEM Backend.
Build Your Own SIEM Stack with Open Source Tools Series.
Wazuh SIEM Integrations (III) — Microsoft Defender for Endpoint.
FREE Wazuh Advanced Wazuh Detection Rules.
SOCFortress Attack Simulator.
Detecting APT29 With SOCFortress.
Wazuh SIEM Integrations (II) — WithSecure Elements EPP.
Wazuh SIEM Integrations (I) — Sophos Intercept X.
ZuoRAT — Wazuh Detection Rules.
Windows Registry Forensic Analysis using Chainsaw, Wazuh Agent and Sigma Rules.
CVE-2022-26134 — Zero-Day Exploitation of Atlassian Confluence.
Wazuh Detection Rules for MS RCE CVE-2022-30190, “Follina”.
Enforcing Security in Web App Firewalls using Wazuh Active Response.
OFFICE 365 — MITRE Enriched Events Using Wazuh Detection Rules.
FREE Incident Response With Velociraptor.
Monitoring Corporate Software Policies using Wazuh EDR and Sysmon.
Performance metrics, Vulnerability Analysis and Security Events.
Exfiltration, as described in MITRE tactic TA0010, consists of techniques adversaries may use to steal data from your network.
Build custom decoders to ingest any type of log.
Microsoft has patched a new Windows RPC vulnerability, CVE-2022-26809, that is raising concern.
Installing the SOCFortress endpoint and accessing the SOCFortress platform.
Interacting With The SOCFortress Platform.
Wazuh, Elasticsearch, Kibana, and Filebeat Docker Install.
Adversary Emulations Using Mitre Caldera and Wazuh EDR, Part II: Discovery.
DNS Traffic Insights using Domain Stats and Wazuh EDR.
Scanning and Analyzing Executable Files by their hash + VirusTotal.
Adversary Simulations Using Mitre Caldera and Wazuh EDR, Part I: Executing the Beacon Payload.
Wazuh and Sysinternals Integration. Part I: Finding Persistent Footholds.
Wazuh manager integration with OpenCTI for Threat Intel.
How to run network scans integrated in your EDR agents.
How to detect Cobalt Strike Beacons, commonly used in Ransomware attacks.
How to gather system metrics and observability using Telegraf and InfluxDB.
Know when a known aggressive IP has attempted to SSH into one of your servers.
Implementing and validating MITRE D3FEND Countermeasures using Wazuh EDR. Part I: HARDEN — PLATFORM HARDENING.
This is the first in a series of blog entries covering the MITRE D3FEND framework.