Windows

Icinga for Windows: Hyper-V and Cluster Plugin Release v1.0

After months of developing and testing, we are finally ready to announce the release of our Icinga for Windows Hyper-V and Cluster plugins version v1.0 today! We collected lots of feedback, tested different approaches and re-designed some plugins to ensure we can provide good monitoring basics for these environments, allowing us to improve and extend them in the future.

8 Best Practices for Windows Patch Management

Given the numerous cyber-threats that organizations face these days, security has become one of the most serious issues on everyone’s mind. When it comes to protecting business-critical environments from malware, various security measures can make a significant difference. Patching is one such important component of ensuring the security of your infrastructure and data.

ProblemChild: Generate alerts to detect living-off-the-land attacks

In an earlier blog post, we spoke about building your own ProblemChild framework from scratch in the Elastic Stack to detect living off the land (LOtL) activity. As promised, we have now also released a fully trained detection model, anomaly detection configurations, and detection rules that you can use to get ProblemChild up and running in your environment in a matter of minutes.

How to Use Event Triggers For Windows Server Monitoring

Windows event logs and event triggers are an important part of Windows server monitoring. With the addition of the Event Viewer feature, Windows made it possible for server administrators to create custom tasks for certain events. This is the so-called event trigger, and it can be a script or an email notification. This feature is highly important for security and for proactively dealing with issues on the server.

InfluxDB OSS and Enterprise Roadmap Update from InfluxDays EMEA

Since the initial release of InfluxDB OSS 2.0 in November 2020, more than 10% of the community has successfully upgraded, and the pace of the upgrades continues at a steady rate. We have released a number of maintenance releases to address defects, expand platform coverage, and enhance the update experience based on feedback.

The essentials of central log collection with WEF and WEC

Last week we covered the essentials of event logging: ensuring that all your systems are writing logs about the important events or activities occurring on them. This week we will cover the essentials of centrally collecting these Event Logs on a Windows Event Collector (WEC) server, which then forwards all logs to Elastic Security.

We've added first-class Windows support to Grafana Agent

The Grafana Agent team is happy to announce that Grafana Agent 0.14.0-rc2 includes improved Windows support. Up until now, running Grafana Agent — our tool for gathering metrics, logs, and traces — in Windows was difficult and not well supported for Windows best practices. In short, it was not a good Windows citizen. In the new release candidate, we’re making changes to improve the experience, based on feedback from GitHub issues, customer contacts, and our own experience.

The essentials of Windows event logging

One of the most prevalent log sources in many enterprises is Windows Event Logs. Being able to collect and process these logs has a huge impact on the effectiveness of any cybersecurity team. In this multi-part blog series, we will be looking at all things related to Windows Event Logs. We will begin our journey with audit policies and generating event logs, then move through collecting and analysing logs, and finally to building use cases such as detection rules, reports, and more.