Day-19 Creating Attack Diagram
Alright folks, buckle up! We’ve built our very own SOC playground – Windows and Ubuntu servers, a humming ELK stack, agents deployed, Sysmon watching like a digital hawk, and sweet dashboards visua...
Have you ever clicked on a seemingly harmless link only to find your device acting strangely? If so, you might have fallen victim to a malicious link. This blog post will delve into the mechanics o...
Yesterday, we whipped up some alerts for Windows servers and rules for both Windows and Ubuntu servers in Kibana. Today, let’s keep the momentum going by building a dashboard for Windows servers an...
Let’s build on our knowledge! Today, we’re going to create alerts for Windows servers, just like we did for Ubuntu. First things first: Log in to your Vultr account (or any cloud platform...
Remote Desktop Protocol: A Double-Edged Sword ⚔️ What is RDP? Remote Desktop Protocol (RDP) is a powerful tool that enables users to access and control a remote computer over a network connection...
Let’s Create Alerts and Dashboards for Ubuntu Server Authentication Logs Today, we’ll dive into creating alerts and dashboards in Kibana to visualize our Ubuntu server’s authentication logs. L...
On day 12 we successfully installed Ubuntu Server 24.04. Now that the server is set up, let’s proceed with installing the Fleet agent. Let’s start by logging in to ...
It’s time to create our next server: the Ubuntu server. According to the logical diagram, we will create an Ubuntu server with SSH enabled as our target server, and this is not included in o...
What is a brute force attack? Imagine trying to open a locked door without a key. You could randomly try different keys until you find the right one. That’s essentially what a brute force attack is ...
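The brute-force teaser above and the Ubuntu authentication-log alerting post it pairs with both come down to one detection: many failed SSH logins from one source address inside a short window, with a successful login afterwards being the case that matters most. The following is an added example written for this page, not code from the blog series; it parses constructed sshd lines in the /var/log/auth.log format (sample data, not from a real host), applies a per-source sliding-window threshold (the 5-failures-in-5-minutes values are assumptions you would tune to your own environment), and flags an alert that was followed by an accepted login.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in Ubuntu /var/log/auth.log (sshd) format; not real data.
# 203.0.113.10 fails five times in eight seconds and then logs in as root.
# 198.51.100.7 has two failures 15 minutes apart, which should not trip a 5-minute window.
SAMPLE_AUTH_LOG = """\
Jun 14 10:00:01 target sshd[1201]: Failed password for invalid user admin from 203.0.113.10 port 51022 ssh2
Jun 14 10:00:03 target sshd[1202]: Failed password for root from 203.0.113.10 port 51023 ssh2
Jun 14 10:00:05 target sshd[1203]: Failed password for root from 203.0.113.10 port 51024 ssh2
Jun 14 10:00:07 target sshd[1204]: Failed password for root from 203.0.113.10 port 51025 ssh2
Jun 14 10:00:09 target sshd[1205]: Failed password for root from 203.0.113.10 port 51026 ssh2
Jun 14 10:00:12 target sshd[1206]: Accepted password for root from 203.0.113.10 port 51027 ssh2
Jun 14 10:05:00 target sshd[1300]: Failed password for ubuntu from 198.51.100.7 port 40001 ssh2
Jun 14 10:20:00 target sshd[1301]: Failed password for ubuntu from 198.51.100.7 port 40002 ssh2
Jun 14 10:21:00 target sshd[1302]: Accepted publickey for ubuntu from 198.51.100.7 port 40003 ssh2
"""

# Matches sshd "Failed/Accepted <method> for [invalid user] <user> from <ip> port <n> ssh2".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)


def parse_auth_line(line, year=2024):
    """Parse one sshd auth.log line; syslog timestamps carry no year, so one is assumed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_brute_force(log_text, threshold=5, window_seconds=300):
    """Return {source_ip: alert} for sources with >= threshold failures inside a sliding window.

    Each alert records the failure count, the window bounds, and, if a login from that
    source later succeeded, the user and time of that success ("success_after").
    threshold / window_seconds are assumed tuning values, not figures from the blog.
    """
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        ev = parse_auth_line(line)
        if ev is None:
            continue  # not an sshd login outcome line; ignore
        recent = failures[ev["ip"]]
        if ev["result"] == "Failed":
            recent.append(ev["ts"])
            # Drop failures that fell out of the window relative to this event.
            while (ev["ts"] - recent[0]).total_seconds() > window_seconds:
                recent.popleft()
            if len(recent) >= threshold and ev["ip"] not in alerts:
                alerts[ev["ip"]] = {
                    "failures": len(recent),
                    "first": recent[0],
                    "last": ev["ts"],
                    "success_after": None,
                }
        else:  # Accepted login
            if ev["ip"] in alerts and alerts[ev["ip"]]["success_after"] is None:
                alerts[ev["ip"]]["success_after"] = (ev["user"], ev["ts"])
            recent.clear()  # a success ends the current failure streak
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_brute_force(SAMPLE_AUTH_LOG).items():
        print(f"ALERT {ip}: {alert['failures']} failures {alert['first']} .. {alert['last']}")
        if alert["success_after"]:
            user, when = alert["success_after"]
            print(f"  followed by successful login as {user} at {when}")
```

Run against the sample, only 203.0.113.10 is reported, and it is reported with a success after the failures; 198.51.100.7 never reaches five failures inside any five-minute window. A Kibana threshold rule on the same fields (source IP, event outcome, a count over a time window) encodes the first half of this logic; the "success after failures" correlation is the part worth adding as a second rule or a follow-up query.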
To view data in Elasticsearch, we will need to ingest the data using an integration. By ingesting the data, we will be able to search through all the logs obtained from Windows Defender and Sysmon on ...