Sysmon Playbook Event ID 3

Sysmon Event ID: 3. Sysmon Event Title: Network Connection Detected. Network Connection Attributes: When any machine with Sysmon installed makes a network connection, many details about that connection are captured and logged under Event ID 3. We will briefly discuss all the fields captured under Event ID 3. RuleName: %1!s! […]

What is SIEM and its functionality

SIEM is a tool that collects, aggregates and normalizes data, analyses it according to pre-set rules, and presents the results in a human-readable format. The video below talks in detail about the internal workings of SIEM solutions, how the different vendors implement this functionality, and the different terminologies they use. It briefly […]

What is Security Operations Center (SOC)

A Security Operations Center (SOC) is a centralized function within an organization that employs people, processes, and technology to continuously monitor and improve the organization's security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents. Below you will find the link to my presentation on this topic, where you can watch the complete video.

Communication Plan

Communication is key when providing services, whether to clients outside your organization or to any department within it. One bad email or a missed email can change the trajectory of your relationship with your client. Communication goals can differ, and depend entirely on the relationship and the services being […]