Operations | Monitoring | ITSM | DevOps | Cloud


Sponsored Post

It's Not Black Magic: Malware & Ransomware in Plain English

It was almost exactly 10 years ago in December 2013 that we wrote our first blog post about detecting CryptoLocker, which was the first sophisticated Ransomware attack of its kind back then. BTW, 2013 was the year of the Boston Marathon bombing, Edward Snowden leaking secret NSA information, Syrians fleeing their home country and Nelson Mandela passing away.

Aggregate Data in Cribl Stream to Optimize Your SIEM Data and Its Performance

Cribl Stream offers different ways to optimize data, such as: In this blog, I will focus on the Aggregation use case using the Aggregations function and how you can practically use the Aggregations function to format the output in different ways.
Sponsored Post

Revealing Suspicious VPN Activity with Anomaly Detection

Anybody who monitors logs of any kinds, knows that the extracting useful information from the gigabytes of data being collected remains one of the biggest challenges. One of the more important metrics to keep an eye on are all sorts of logons that occur in your network – especially if they originate on the Internet – such as VPN logins.

5 Best SIEM Tools and How to Choose

Cybersecurity has become something of great concern to the IT world over the last few years. The increase in remote working and the move to cloud-based and e-commerce solutions have opened up many new opportunities for cyber exploits and malware attacks. According to the FBI, the incidence of malware and network attacks, particularly ransomware, on both commercial and home systems has shown a major increase. At a corporate and personal level, ID theft has also increased greatly.

Sponsored Post

Predict the Future! A universal approach to detecting malicious PowerShell activity

So, here’s the deal with AntiVirus software these days: It’s mostly playing catch-up with super-fast athletes — the malware guys. Traditional AV software is like old-school detectives who need a picture (or, in this case, a ‘signature’) of the bad guys to know who they’re chasing. The trouble is, these malware creators are quite sneaky — constantly changing their look and creating new disguises faster than AntiVirus can keep up with their photos.

Sending Data to Elastic Security With Cribl Stream (And Making It Work With Elastic SIEM)

Cribl Stream is a real-time security and observability data processing pipeline that can be used to collect, transform, enrich, reduce, redact, and route data from a variety of sources to a variety of destinations. One of the popular destinations for Cribl users is Elastic SIEM. This blog post will walk you through the steps on how to set up Cribl Stream to normalize and forward data to use with Elastic Security for SIEM.

SIEM Implementation Guide: A How-To Guide

In an era where cybersecurity threats are not just frequent but increasingly sophisticated (and becoming more costly), the need for robust defense mechanisms has never been more critical. Security Information and Event Management (SIEM) emerges as a cornerstone in this complex data environment. It’s not just another tool in your cybersecurity toolkit; it’s a solution designed to elevate your organization’s security posture.

Modernize Your SIEM Architecture

In this Livestream conversation, I spoke with John Alves from CyberOne Security about the struggles teams face in modernizing a SIEM, controlling costs, and extracting optimal value from their systems. We delve into the issues around single system-of-analysis solutions that attempt to solve detection and analytics use cases within the same tool.