#ElastAlert

Security Onion 🧅 securityonion@infosec.exchange
2024-05-29

Security Onion 2.4.70 now available including our new Detections interface and much more!

Tune your:
☑️ #NIDS rules for #Suricata
☑️ #Sigma rules for #ElastAlert
☑️ #YARA rules for #Strelka

Take your #DetectionEngineering game to a new level!

blog.securityonion.net/2024/05

acrypthash 👨🏻‍💻 acrypthash@infosec.exchange
2023-08-24

Wow that meme post from the other day was by far my most popular toot. I definitely was not expecting that, but I appreciate that our community supports the same kind of humor :D

I have been doing lots of work with ElastAlert the past few days:
github.com/Yelp/elastalert

It's been super fun! I am porting certain threat detection alerts over to a Slack channel. Utilizing ElastAlert allows me to do it for free. The only catch is you have to hand-build the YAML files, but honestly it's been a great learning experience. I highly recommend it to anyone using ELK who wants alerting!

#security #ELK #elastalert

acrypthash 👨🏻‍💻 acrypthash@infosec.exchange
2023-06-23

I think the best part about the false-positive alert that fired tonight for a developer account getting domain admin was my boss posting an Xzibit meme at the end. :ablobcatbongokeyboard:

#security #elastalert #siem #elk #memes

Martin Boller :debian: :tux: :freebsd: :windows: :mastodon: itisiboller@infosec.exchange
2018-12-16
