June 2024
Upgrading Wazuh to Version 4.8.0.
A Step-by-Step Guide.
SOC as a Service for MSPs and MSSPs
Prevention
Detection
Response
socfortress
SIEM StackService Deployment Plans
SIEM in the making
Infrastructure for EndPoint Telemetry.
Log Collection of all Network Devices and Security Infra.
3rd Party Integrations.
Threat Intel (SOCFortress API).
SIEM stack performance Monitoring.
Alerting and Notifications.
Cold Storage.
Contact
SOC Ready
SIEM in the making +
Advanced Detection Rules: De-facto standard for SIEM rules Sigma
High Risk Vulnerability Reporting: EPSS to spot critical vulnerabilities
Case Management: Collaborate, enrich, and respond to high severity alerts all in real time
Incident Response: Investigate alerts by interacting with the monitored endpoints
SOAR Automation: Integrate your security stack with advanced and fully automated workflows
Contact
MSSP Ready
SOC Ready +
SOPCFortress CoPilot: Orchestrate your SIEM stack
Security Homepage: Keep your team organized with a security homepage
Key Performance Indicators: Give your clients oversight into the company's security posture
Contact
Prevention | Detection | Response.
Unify Cyber Risk Evaluation, Threat Intelligence and Security Orchestration, Automation, and Response (SOAR).
Built For SpeedPlatform Features
Rich Dashboards.
Analysis
Continuous Risk Assessment
SaaS
Case Management and Alerting.
Where Observability meetsSecurity
Service portal, dashboards, metrics and security events.
SOCFortress service portal is based on the visualization tool Grafana. After accessing the service portal with your credentials a landing page is loaded with metrics and events summaries. From here you can start evaluating monitoring metrics, infra logs, security events, etc.
EDR security events and security feeds.
Quick access to high severity events collected from your end-points and latest events gathered by our threat intel.
MITRE ATT&CK TTPs enrichment.
Security events include MITRE ATT&CK TTP information for better insights.
From Windows Event Logs to full telemetry on processes, network connections, and much more.
SOCFortress EDR covers prevention, detection and response. From the basics of Windows Event Logs to a full range of end-point telemetry and anomaly detection.
Network and Infra Logs
Effective security Analysis requires log collection from all available sources in your environmet. SOCFortress can collect logs from different network and security devices to obtain a complete view and insights for all your IT Infra.
0
Threat Intel - IoC Attributes0
Threat Intel - IoC Categories0
Threat Intel - ATPs0
Threat Intel - IoC TypesNews and SOCFortress BlogLatest Entries
June 2024
CoPilot
Integrating Duo MFA Authentication Logs with Your SIEM Stack Using Copilot.
June 2024
SOCFortress integrations
Malicious macros detection in MS-Office files using “olevba”.
June 2024
CoPilot
Simplify Cloud Security: ScoutSuite and CoPilot.
June 2024
CoPilot
Analyzing Processes in Wazuh Alerts with Advanced Risk Scoring from Global Data Using CoPilot.
June 2024
CoPilot
How to Ingest Crowdstrike Events into an Open Source SIEM Stack Easily Using Copilot.
May 2024
CoPilot
Mastering Wazuh’s Active Response: Block Malicious IPs with CoPilot & Wazuh!.
May 2024
CoPilot
Supercharge Your SIEM Stack: Auto-Enrich Wazuh Events with SOCFortress Threat Intelligence.
May 2024
CoPilot
Wazuh Rule Writing With CoPilot AI Module.
April 2024
SOCFortress integrations
SOCFortress Integrations — Trend Micro Deep Security.
April 2024
SOCFortress integrations
SOCFortress Integrations — Ubiquiti Networks.
April 2024
SOCFortress integrations
SOCFortress Integrations — Carbon Black EPP.
April 2024
SOCFortress integrations
SOCFortress Integrations — CheckPoint Harmony.
March 2024
CoPilot
Wazuh Content Pack For Graylog — Easily Configure Your SOCFortress SIEM Stack
March 2024
SOCFortress integrations
SOCFortress Integrations — Cylance EndPoint Protection.
Feb 2024
SOCFortress integrations
SOCFortress Integrations — Huntress Labs.
Feb 2024
CoPilot
CoPilot Install — Updated
Feb 2024
SOCFortress integrations
SOCFortress Integrations — ESET EndPoint Protection.
Feb 2024
Copilot
CoPilot — Your Next Open Source Security Tool.
Jan 2024
SOCFortress integrations
SOCFortress Integrations — Fortinet Secure Web Proxy (FortiProxy).
Jan 2024
SOCFortress integrations
SOCFortress Integrations — Google Workspace.
Jan 2024
CoPilot
01/31
Jan 2024
SOCFortress integrations
SOCFortress Integrations — Cato Networks SDWAN.
Jan 2024
SOCFortress integrations
SOCFortress Integrations — Cisco Umbrella (Virtual Appliance).
Jan 2024
SOCFortress integrations
SOCFortress Integrations — McAfee Secure Web Gateway (SWG).
Jan 2024
SOCFortress integrations
SOCFortress Integrations — PioLink WEBFRONT-K (Web Application and API Protection).
Oct 2023
SOCFortress integrations
SOCFortress Integrations — Oracle Cloud Infrastructure (OCI).
Oct 2023
SOCFortress integrations
SOCFortress Integrations — Nozomi Networks (OT).
Oct 2023
SOCFortress integrations
SOCFortress Integrations — IronScales Email Security.
Sept 2023
SOCFortress integrations
SOCFortress Integrations — Cynet EndPoint Protection.
Sept 2023
SOCFortress integrations
SOCFortress Integrations — Akamai Web Application Firewall (WAF).
Sept 2023
SOCFortress integrations
Executable files analysis and capabilities detection using capa (Mandiant).
Sept 2023
SOCFortress integrations
SOCFortress Integrations — Trellix Email Security (Cloud).
Sept 2023
SOCFortress integrations
SOCFortress Integrations — Mimecast Email Security (Cloud).
Sept 2023
SOCFortress integrations
SOCFortress Integrations — Controlled Unclassified Information (CUI) Security Controls.
Aug 2023
SOCFortress integrations
SOCFortress Integrations — Duo Security.
Aug 2023
SOCFortress Integrations.
SOCFortress Integrations — Cisco Secure EndPoint.
Aug 2023
SOCFortress Integrations.
SOCFortress Integrations — SentinelOne EndPoint Protection.
Aug 2023
SOCFortress Integrations.
SOCFortress Integrations — TrendMicro EndPoint Protection.
July 2023
SOCFortress Integrations.
SOCFortress Integrations — McAfee EndPoint Protection.
July 2023
SOCFortress Integrations.
SOCFortress Integrations — BitDefender EndPoint Protection.
July 2023
SOCFortress Integrations.
SOCFortress Integrations — CrowdStrike EndPoint Protection.
July 2023
SOCFortress Integrations.
SOCFortress Integrations — FortiGate BlockList, File Hashes.
July 2023
SOCFortress Integrations.
SOCFortress Integrations — CloudFlare.
June 2023
SOCFortress Integrations.
SOCFortress Integrations — Vulnerability Management using the Exploit Prediction Scoring System (EPSS).
May 2023
SOCFortress Integrations.
SOCFortress Integrations — Kaspersky EndPoint Protection.
Apr 2023
SOCFortress Integrations.
SOCFortress Integrations — Advanced Traffic Flow Analysis using Zeek.
FEBRUARY 2023
SOCFortress Stack Demo.
Enhancing Cybersecurity with Free Open Source Tools.
FEBRUARY 2023
Threat Intel.
Maximizing Threat Detection and Response with Cortex.
FEBRUARY 2023
SOCFortress.
Boost Your MSP to MSSP.
JANUARY 2023
SOCFortress.
Your Open-Source Incident Response Platform.
JANUARY 2023
SOCFortress.
Part 12. SIGMA rules for the OpenSource SIEM.
JANUARY 2023
SOCFortress.
Detect Malcious File Uploads With Wazuh and Yara.
JANUARY 2023
SOCFortress.
World’s Best FREE SIEM Stack Series Compilation.
JANUARY 2023
Threat Intel.
Part 11. Wazuh Events and MISP Automation.
DEC 2022
Threat Detection.
Detecting Abnormal Network Ports With Wazuh.
DEC 2022
Threat Intel.
Part 10. MISP Threat Intel.
DEC 2022
SOCFortress.
Part 9. Log Normalization.
NOV 2022
Threat Intel.
Part 8. Firewall Threat Intel With GreyNoise.
NOV 2022
SOCFortress.
Part 7. Firewall Log Collection Made Easy.
NOV 2022
SOCFortress.
Part 6. Best Open Source SIEM Dashboards.
NOV 2022
SOCFortress.
Part 5. Intelligent SIEM Logging.
OCT 2022
SOCFortress.
Part 4. Wazuh Agent Install —Endpoint Monitoring.
OCT 2022
SOCFortress.
Part 3. Wazuh Manager Install — Log Analysis.
OCT 2022
SOCFortress.
Part 2. Graylog Install — Log Ingestion.
OCT 2022
SOCFortress.
Part 1. Wazuh Indexer — SIEM Backend.
OCT 2022
SOCFortress.
Build Your Own SIEM Stack with Open Source Tools Series.
AUG 2022
SOCFortress.
Wazuh SIEM Integrations (III) — Microsoft Defender for Endpoint.
AUG 2022
SOCFortress.
FREE Wazuh Advanced Wazuh Detection Rules.
AUG 2022
Adversary Emulations.
SOCFortress Attack Simulator.
JULY 2022
Adversary Emulations.
Detecting APT29 With SOCFortress.
July 2022
Wazuh SIEM Integrations.
Wazuh SIEM Integrations (II) — WithSecure Elements EPP.
July 2022
Wazuh SIEM Integrations.
Wazuh SIEM Integrations (I) — Sophos Intercept X.
July 2022
ZuoRAT Malware.
ZuoRAT — Wazuh Detection Rules.
June 2022
Windows Registry Forensics.
Windows Registry Forensic Analysis using Chainsaw, Wazuh Agent and Sigma Rules.
June 2022
CVE-2022–26134.
CVE-2022–26134 — Zero-Day Exploitation of Atlassian Confluence.
June 2022
CVE-2022–30190.
Wazuh Detection Rules for MS RCE CVE-2022–30190, “Follina”.
May 2022
Web App Firewalls.
Enforcing Security in Web App Firewalls using Wazuh Active Response.
May 2022
Office 365.
OFFICE 365 — MITRE Enriched Events Using Wazuh Detection Rules.
May 2022
Incident Response.
FREE Incident Response With Velociraptor.
May 2022
Software Policy.
Monitoring Corporate Software Policies using Wazuh EDR and Sysmon.
May 2022
Observability and Security Monitoring in Containers.
Performance metrics, Vulnerability Analysis and Security Events.
April 2022
Data Exfiltration using ICMP (and how to detect it).
Exfiltration, as described in Mitre Tactic TA0010, consists of techniques adversaries may use to steal data from your network
April 2022
Understanding Wazuh Decoders.
Build custom decoders to ingest any type of log.
April 2022
CVE 2022–26809: MS-RPC VULNERABILITY.
Microsoft has fixed a new Windows RPC CVE-2022–26809 vulnerability that is raising concerns.
April 2022
Endpoint Install and User Credentials.
Installing the SOCFortress endpoint and accessing the SOCFortress platform.
April 2022
SOCFortress Platform.
Interacting With The SOCFortress Platform.
April 2022
Easiest SIEM Install.
Wazuh, Elasticsearch, Kibana, and Filebeat Docker Install.
April 2022
Adversary Simulations.
Adversary Emulations Using Mitre Caldera and Wazuh EDR, Part II: Discovery.
March 2022
DNS Traffic Insights.
DNS Traffic Insights using Domain Stats and Wazuh EDR.
March 2022
Sysinternals Part II.
Scanning and Analyzing Executable Files by their hash + VirusTotal.
March 2022
Adversary Simulations.
Adversary Simulations Using Mitre Caldera and Wazuh EDR, Part I: Executing the Beacon Payload.
March 2022
Sysinternals Part I.
Wazuh and Sysinternals Integration. Part I: Finding Persistent Footholds.
Feb 2022
SIEM - OpenCTI Integration.
Wazuh manager integration with OpenCTI for Threat Intel.
Feb 2022
Network Scans
How to run network scans integrated in your EDR agents.
Feb 2022
Detect Cobalt Strike Beacons
How to detect Cobalt Strike Beacons, commonly used in Ransomware attacks.
Feb 2022
Monitor your Wazuh Stack
How to gather system metrics and observability using Telegraf and InfluxDB.
Feb 2022
Enriching Login Attempts with Wazuh and AbuseIPDB
Know when when a known aggressive IP has attempted to SSH into one of your servers.
Feb 2022
The MITRE D3FEND Framework - Part I: HARDEN — PLATFORM HARDENING
Implementing and validating MITRE D3FEND Countermeasures using Wazuh EDR. Part I: HARDEN — PLATFORM HARDENING.
Feb 2022
The MITRE D3FEND Framework - Introduction
This is the first in a series of blog entries covering the MITRE D3FEND Framerowk.