[Pinned] Part 2: Threat Detection Engineering and Incident Response with AuditD and Sentinel — Combine…
Truvis Thornton · 8 min read · May 27, 2024
NOTE: This article is based off the following:

[Pinned] Part 1: Threat Detection Engineering and Incident Response with AuditD and Sentinel — along how to…
Truvis Thornton · 4 min read · May 18, 2024
NOTE: This article is based off the following and should be followed first:

[Pinned] Sending OPNSense Syslog, Suricata, and Firewall logs into CRIBL Stream with GEO IP Tagging with log…
Truvis Thornton · 5 min read · Jul 6, 2023
OPNSense is a great open source firewall, but it is not the most supported in some cases when it comes to sending its logs into SIEMs. In…

[Pinned] Commandline Auditing — Using different tools to secure your Linux server and environments.
Truvis Thornton · 5 min read · Jul 6, 2023
By default Linux does not offer or have any commandline auditing or logging, so you never know who did what, where, when and why. But there…

Microsoft Azure Sentinel 101: Update alert descriptions dynamically without limits — Unlimited…
Truvis Thornton · 3 min read · 4 days ago
In this article, we will walk through how to get more metadata and items into the alert description to help your analysis out with what…

Microsoft Azure Sentinel 101: Automatically add TLP (Traffic Light Pattern) to Incidents with logic…
Truvis Thornton · 5 min read · 5 days ago
Depending on your environment, you may need to TLP tag all your content, and this walkthrough is a good way to do it. I'll only be going…

Microsoft Azure Sentinel 101: Dynamically update and change Alert/Incident Severity — based on…
Truvis Thornton · 4 min read · 5 days ago
Depending on how you run your SOC, you may wish to drop Severity to help prevent going over SLAs, especially when an alert is not a threat…

Proxmox Configuration: Change Proxmox Repository to Fix Update Error — TASK ERROR: command apt-get…
Truvis Thornton · 3 min read · Jun 3, 2024
Details

How To: Use UFW (Uncomplicated Firewall) and Send the logs to Sentinel and Parse with a function for…
Truvis Thornton · 6 min read · May 18, 2024
UFW is basically a wrapper around IPTables, so instead of having to remember how to build out IPTables, UFW makes the process simple…

How to: Parsing AuditD Syslog in Microsoft Sentinel with a function and combining the events by Eve
Truvis Thornton · 6 min read · May 5, 2024
These are some helpful links on how to understand AuditD and the log format.