Splunk data models are a security professional’s best friend in terms of alerting, investigation, and audit. Splunk ES has an entire suite of baked-in correlation searches, but I want to talk about models a bit.
If you don’t know what Splunk is, hey, stop and go check out their free demo. I’ve never made a dime from Splunk as of this writing, but I like their software and wish Kibana were as functional for security purposes.
Continue reading “Splunk Data Models”
WPA3 certification has begun. I’m not sure there’s a lot to say about the current state of wireless security beyond keeping routers up to date and using nice long passwords.
I’ll briefly revisit the ez-mode version of the testing I’ve done in the past, but it’s pretty straightforward.
Continue reading “Wireless Security: WPA3 and Wifi Cracking”
Something I’ve had reason to play a lot with over the last few months is Security Onion, a free and open source product that frankly compares damn well to a number of *very* expensive proprietary products.
It requires no small amount of Linux and tech knowledge to start digging into, but you get an ELK stack, full packet capture, and a number of GUI options for visibility into network and file system alerts. It’s really neat.
I struggled to get my ELK stack working properly but the eventual culprit was memory: I’d recommend a minimum of 4-8 gigs of RAM.
I’m now looking into ways to build cheap NSM sensors out of something akin to Raspberry Pis, but I don’t know how feasible that is yet.