Frustration is my fuel
Using free tools we create a Security Information and Event Management System
Was just about to finish for the day when I got this working so wanted to post before I forgot lol!We have covered how to enable Windows Firewall logging, and how to enable and install Nxlog to allow Event Logs to be forwarded into Graylog, however up to this point I hadn't figured out how …
Continue reading "Forward Windows Firewall log to Graylog (Using nxlog)"
Believe it or not but the Windows Host firewall does not log by default.Some of you may not even have it enabled, but you really should. Security in depth right? If anyone believes differently please hit me up on Twitter, always happy to debate, and be educated if better practice exists."How do you enable firewall …
If you have been following along with this project you should be at the stage where you have WEF configured through group policy forwarding events using WinRM to push from endpoints, with nxlog installed and forwarding Events to a Graylog server. We also covered installing and configuring Sysmon. Our test environment looks like this. We …
We are going to quickly touch on something which frustrated me for a short while and it is related to the default configuration used by "WECUTIL" when setting up WEF (Windows Event Forwarding). Previously I had always forwarded logs from my endpoints into Graylog using either nxlog/syslog or OSSEC so had never had this issue …
We have covered Graylog a fair bit, but to make the most of all it's functionality we need to upgrade to an Enterprise license. Now before you start screaming "I want a FREE solution" Graylog Enterprise is free for up to 5GB of data a day, and if you are using more than that then …
Continue reading "Upgrading To Graylog Enterprise. (Free SIEM Part 4)"
This is the third tutorial in the "Free SIEM" series. Today the aim is to set up log forwarding to a central log Server from all our end points with Group Policy, and as an added bonus we are going to forward all Sysmon logs as well. For the topology we have a Domain Controller …
Hello all, this is the first of a new series of posts which will show you how to setup a free centralised logging solution for any environment. After much trial and error I think I'm set on using Graylog, Windows Event forwarding, Sysmon, and OSSEC/Wazuh. All the official documentation for Graylog can be found here: Graylog …
Continue reading "Install Graylog on Ubuntu (Free SIEM Part 2)"
Recently we have been looking at a lot of Blue Team tools to help increase both the visibility of our network, and our ability to audit events.I recently found a great Sysmon config by @SwiftOnSecurity and decided that is was time to give it a go.The GitHub page for the config file is here and you can download …
@2codemonte 