Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Elastic SIEM for home and small business: Beats on Mac

Hey, there. This is part six of the Elastic SIEM for home and small business blog series. If you haven’t read the first, second, and third blogs, you may want to before going any further. In the Getting started blog, we created our Elasticsearch Service deployment and started collecting data from one of our computers using Winlogbeat. In the Securing cluster access blog, we secured access to our cluster by restricting privileges for users and Beats.

The total business impact of Sumo Logic Cloud SIEM

We enable our customers to monitor, troubleshoot and resolve operational issues and security threats to their cloud or hybrid environments with our machine data analytics suite. Our users already know that Sumo Logic can help them dramatically improve the security and economy of their organization.

Detecting CVE-2020-0601 Exploitation Attempts With Wire & Log Data

Editor’s note: CVE-2020-0601, unsurprisingly, has created a great deal of interest and concern. There is so much going on that we could not adequately provide a full accounting in a single blog post! This post focuses on detection of the vulnerability based on network logs, specifically Zeek as well as Endpoint. If you are collecting vulnerability scan data and need to keep an eye on your inventory of systems that are at risk, then check out Anthony Perez’s blog.

New features in EventSentry v4.1

Brief overview of all new features in v4.1, including NetFlow malicious traffic detection, enhanced performance monitoring via command line output capture, Active Directory password reminder emails, BitLocker, Pending Reboot & battery detection, lots of visual & functional improvements to the web reports and more!

CVE-2020-0601 - How to operationalize the handling of vulnerabilities in your SOC

Software vulnerabilities are part of our lives in a digitalized world. If anything is certain, it’s that we will continue to see vulnerabilities in software code! Recently the CVE-2020-0601 vulnerability, also known as CurveBall or “Windows CryptoAPI Spoofing Vulnerability”, was discovered, reported by the NSA and made headlines. The NSA even shared a Cybersecurity Advisory on the topic. Anthony previously talked about it from a public sector and Vulnerability Scanner angle.

Q&A Follow-Up: How Datev uses MITRE ATT&CK & Splunk in its SOC

Hey Everyone, We recently did a webinar with Christian Heger, technical head of the DATEV SOC, as well as Sebastian Schmerl, head of cyber defense of Computacenter. They shared their 6-month path of modernizing their security operations with help of Splunk technology and the MITRE ATT&CK framework. As we weren’t able to address all of the questions during the webinar, we discussed these afterwards and share them in this blog post as a Q&A follow-up.

Using Splunk Attack Range to Test and Detect Data Destruction (ATT&CK 1485)

Data destruction is an aggressive attack technique observed in several nation-state campaigns. This technique under MITRE ATT&CK 1485, describes actions of adversaries that may “..destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources. Data destruction is likely to render stored data irrecoverable by forensic techniques through overwriting files or data on local and remote drives”.

Customize Xray DevSecOps With Private Data

For some organizations, even the best isn’t quite enough. That’s why JFrog Xray provides a way for you to specify your own additional data, to detect even more sensitive issues in your binaries before they can reach production. JFrog Xray is a tool for DevSecOps teams to gain insight into the open source components used in their applications.

Pandora FMS vulnerability, feature or just a bad configuration?

We recently received a notification from a concerned user, because he had found a “vulnerability” in Pandora FMS. Besides, not just any vulnerability but one that seemed to give root access to the system. Next, this user called k4m1ll0 wrote a post in Medium warning the community about this vulnerability. If you want to read the original post, click here.