SYSMON Playbook – Event ID 1
Windows by default records most of the activity happening on the OS in the Windows event logs, which can be viewed in Windows Event Viewer. However, Sysmon is much better when it comes to pr
Disable Microsoft Defender – Detection
This was a simple detection where the Microsoft Defender services were blocked and the resulting events were observed. Detection queries for the same are present at the end. Windows Defender alerts yo
Sysmon Playbook Event ID 15
When a file is downloaded from the internet it is saved to the local system. Sysmon Event ID 15 (FileCreateStreamHash) records the creation of a named file stream, which is what happens when a file is downloaded, mostly from a web browser, and the browser writes the Zone.Identifier stream next to it. A
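The two Sysmon posts above (the Defender-disable detection on Event ID 1 and the file-stream recording on Event ID 15) are easiest to reason about with the events in front of you. The following is an added example, not code or a query from the original posts: it parses a handful of constructed Sysmon records in the XML shape Event Viewer exports and runs two simple rules over them. The field names (EventID, UtcTime, Image, CommandLine, User, TargetFilename) follow Sysmon's own schema; the hostnames, users, paths and timestamps are made up, and the list of Defender-tampering command-line patterns and the browser executable names are my own assumptions, not the post's detection queries.

```python
"""Offline detections over constructed Sysmon Event ID 1 and 15 records (added example)."""
import re
import xml.etree.ElementTree as ET

EVT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVT_NS}

# Constructed sample records in the XML shape Event Viewer shows for Sysmon.
# Hostnames, users, paths and timestamps are made up for this example.
SAMPLE_EVENTS = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID><Computer>WS01</Computer></System>
 <EventData>
  <Data Name="UtcTime">2024-01-10 09:12:01.113</Data>
  <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
  <Data Name="CommandLine">powershell.exe -nop -c "Set-MpPreference -DisableRealtimeMonitoring $true"</Data>
  <Data Name="User">WS01\alice</Data>
 </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID><Computer>WS01</Computer></System>
 <EventData>
  <Data Name="UtcTime">2024-01-10 09:12:03.870</Data>
  <Data Name="Image">C:\Windows\System32\sc.exe</Data>
  <Data Name="CommandLine">sc.exe stop WinDefend</Data>
  <Data Name="User">WS01\alice</Data>
 </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID><Computer>WS01</Computer></System>
 <EventData>
  <Data Name="UtcTime">2024-01-10 09:15:44.002</Data>
  <Data Name="Image">C:\Windows\System32\notepad.exe</Data>
  <Data Name="CommandLine">"C:\Windows\System32\notepad.exe" C:\Users\alice\notes.txt</Data>
  <Data Name="User">WS01\alice</Data>
 </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>15</EventID><Computer>WS01</Computer></System>
 <EventData>
  <Data Name="UtcTime">2024-01-10 09:20:10.551</Data>
  <Data Name="Image">C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe</Data>
  <Data Name="TargetFilename">C:\Users\alice\Downloads\invoice.pdf:Zone.Identifier</Data>
 </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>15</EventID><Computer>WS01</Computer></System>
 <EventData>
  <Data Name="UtcTime">2024-01-10 09:21:30.004</Data>
  <Data Name="Image">C:\Windows\System32\svchost.exe</Data>
  <Data Name="TargetFilename">C:\Users\alice\AppData\Local\Temp\update.bin:Zone.Identifier</Data>
 </EventData>
</Event>
</Events>"""

# Assumed command-line patterns for stopping or disabling Defender (my own list, not the post's queries).
DEFENDER_TAMPER = [
    re.compile(r"Set-MpPreference\b.*-Disable\w+", re.I),
    re.compile(r"\bsc(?:\.exe)?\s+(?:stop|delete)\s+WinDefend\b", re.I),
    re.compile(r"\bsc(?:\.exe)?\s+config\s+WinDefend\s+start=\s*disabled\b", re.I),
    re.compile(r"\breg(?:\.exe)?\s+add\b.*Windows Defender.*DisableAnti(?:Spyware|Virus)", re.I),
]
# Assumed set of browser executables whose Zone.Identifier writes we treat as downloads.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe", "brave.exe"}


def parse_events(xml_text):
    """Flatten each Sysmon <Event> into a dict of its EventData fields plus EventID."""
    root = ET.fromstring(xml_text)
    events = []
    for ev in root.iter(f"{{{EVT_NS}}}Event"):
        rec = {d.get("Name"): (d.text or "") for d in ev.findall("e:EventData/e:Data", NS)}
        rec["EventID"] = int(ev.find("e:System/e:EventID", NS).text)
        events.append(rec)
    return events


def image_name(path):
    """Return the lower-cased executable name from a Sysmon Image path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(events):
    """Apply the two rules and return one alert dict per hit, in log order."""
    alerts = []
    for ev in events:
        if ev["EventID"] == 1:
            cmd = ev.get("CommandLine", "")
            if any(rx.search(cmd) for rx in DEFENDER_TAMPER):
                alerts.append({"rule": "defender_tamper", "time": ev.get("UtcTime"),
                               "user": ev.get("User"), "cmd": cmd})
        elif ev["EventID"] == 15:
            target = ev.get("TargetFilename", "")
            proc = image_name(ev.get("Image", ""))
            # The Zone.Identifier stream is the mark-of-the-web a browser writes on download;
            # the same stream from a non-browser process is recorded but not flagged here.
            if target.lower().endswith(":zone.identifier") and proc in BROWSERS:
                alerts.append({"rule": "browser_download", "time": ev.get("UtcTime"),
                               "process": proc, "file": target.rsplit(":", 1)[0]})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

Run against the embedded sample it raises two `defender_tamper` alerts (the `Set-MpPreference` call and `sc.exe stop WinDefend`), ignores the notepad process creation, and attributes the Event ID 15 record for `invoice.pdf:Zone.Identifier` to `msedge.exe` while leaving the svchost stream write unflagged. To use it on real data, export the Sysmon channel to XML and feed that text to `parse_events`.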
What is SIEM and its functionality
A SIEM is a tool that collects, aggregates and normalizes log data, analyses it according to pre-set rules, and presents the results in a human-readable format. The video below talks in de
What is Security Operations Center (SOC)
A Security Operations Center (SOC) is a centralized function within an organization employing people, processes, and technology to continuously monitor and improve an organization
AlienVault Reconfiguration
Alienvault-reconfig creates the live configuration, loads the appropriate values, and makes sure all appropriate changes are made to dependent service configurations. Alienvault-re
AlienVault Events Not Coming
Some of the options that can be pursued to troubleshoot and resolve this issue are mentioned below: Log in to the AlienVault server using PuTTY with “root” credentials. After
AlienVault TCPdump Troubleshoot
Some of the options that can be pursued to troubleshoot and resolve this issue are mentioned below: Log in to the AlienVault server using PuTTY with “root” credentials. After
AlienVault Configuration Backup
Backing up the configuration is one of the important things an analyst should take care of, since the AlienVault configuration includes the system profile, network configuration, inventory
AlienVault Update
If there is an update available from AlienVault, please follow the points mentioned below. To check whether an update is available, go to your browser and type the AlienVault ser