Sending Windows Logs using Winlogbeat
Download Winlogbeat – Download here (64-bit). Step 1: Download and extract winlogbeat.zip to c:\program files\ (should look like the image below). Step 2: Open winlogbeat.yml in Notepad and add the following under winlogbeat.event_logs:
winlogbeat.event_logs:
- name: Security
  event_id: 1102,4608,4609,4624-4648,4700-4800,4950
  ignore_older: 72h
- name: Application
  event_id: 1000,1002,1001
  ignore_older: 72h
- […]
Recommended Windows Audit Policy Settings
This post includes recommended Windows audit policy settings. No two environments are the same, so after running for a week, inspect how much data is being recorded and whether any of it can be removed. Ideally you will be after more than 24 hours' worth of data held, with a Security event log size set to 2GB (2GB […]
Zabbix Logging in as Admin ends up logged as guest
I suddenly just had issues logging into a Zabbix instance as the Admin user and receiving only Guest permissions. Attempting several fixes found online, such as clearing cookies and browser caches and looking at the rights MySQL table, all failed. In the end, to fix it I had to add a new user via the database. insert into […]
Consuming sFlow with Elasticsearch
You may have previously read my blog post on how to load sFlow data into Elasticsearch using a bash script. Another way to consume sFlow data into Elasticsearch is the Logstash sFlow codec available on GitHub. Once you have followed the instructions and installed it, simply edit your Logstash config […]
Customizing Zabbix popup menus
If you want to add a custom menu item to the site popup menu, you can do so by adding it to one of the Zabbix JavaScript files. In the screenshot below I have added an option referred to as Site infob which, when you click on the host object and click on it […]
Site Cyber Security Evaluation
If you want a good tool to perform a site security evaluation, one I would recommend is from the Department of Homeland Security (DHS), which provides a free tool called the Cyber Security Evaluation Tool (CSET). This tool provides users with a systematic and repeatable approach for assessing the security posture of their cyber […]
Wazuh Vulnerabilities
One of the great features in Wazuh is the vulnerabilities module. It compares installed programs against NIST's vulnerability database and compares the installed hotfixes against Microsoft's update catalog. It isn't perfect, but it can help you identify devices in your network which fall below the average.
Vulnerabilities List
The list is gathered from […]
Recording your Security Program
One thing I have learned from being subjected to too many security audits is the importance of documenting everything you do, regardless of whether it paints your company in a good light or not. If a user asks you to restore a file, then record this as a Restore test. If a user loses their phone […]
Best Open-Source Vulnerability Scanner
If you’re looking for a great open-source vulnerability scanner, you can do a lot worse than OWASP ZAP. All features are free, unlike Burp Suite, and it is under active development, unlike Arachni. There is a good community that provides custom scripts on GitHub. It comes as part of Kali and will […]
Using Elasticsearch as a Sflow Collector
If you are looking for a good open-source sFlow collector and don’t like the look of Nfsen or FlowViewer, then you should consider trying Elasticsearch.
Bash Script
To get the data into Elasticsearch we take a low-spec Ubuntu server and install Wireshark on it. Now create a bash script as per below. This script […]