Day-9 Setting up Sysmon
Sysmon Setup In our previous blog, we introduced Sysmon. Now, let’s set it up on our Windows server. Start your previously created Vultr Windows server instance. Use RDP for remote access. S...
The Windows operating system logs events by default, but those logs are not very detailed and do not cover events such as process creation, network connections and file changes, which can be v...
We will continue with setting up the Fleet Server and integrating it with the Elastic Agent. Log in to the Vultr account we created with your login credentials. Creating Fleet Server In vultr, g...
Centralized Log Management with Elastic Agent and Fleet Server The ever-growing volume of logs generated by applications, systems, and security tools poses a significant challenge for IT teams. Ce...
Today, we’ll focus on creating our Windows server as a target machine. This server will play a crucial role in our simulated attack scenarios, following the logic diagram we established on Day 1. ...
Alright, let’s move on to setting up Kibana on our Day 3 adventure! Here’s how we’ll access the Kibana interface using your server’s public IP: 1. Download and Install Kibana: Open your server...
For this configuration, I utilized Vultr cloud service. To create the instance, I established a VPC in the nearest region. Configure the network settings. I used IP range 172.31.0.0/24....
ELK: The Data Detective’s Ultimate Tool Imagine you’re a detective on a quest to solve a complex mystery, but instead of clues, you’re faced with a mountain of digital data. That’s where ELK (Elas...
Creating logical diagram Importance of Logical Diagrams for SOC Analysts: Logical diagrams provide a clear and concise visualization of network infrastructure, aiding SOC analysts in: Underst...