Pinned | Truvis Thornton | Part 2: Threat Detection Engineering and Incident Response with AuditD and Sentinel — Combine… | NOTE: This article is based off the following: | May 27
Pinned | Truvis Thornton | Part 1: Threat Detection Engineering and Incident Response with AuditD and Sentinel — along how to… | NOTE: This article is based off the following and should be followed first: | May 18
Pinned | Truvis Thornton | Sending OPNSense Syslog, Suricata, and Firewall logs into CRIBL Stream with GEO IP Tagging with log… | OPNSense is a great open source firewall, but it is not the most supported in some cases when it comes to sending its logs into SIEMs. In… | Jul 6, 2023
Pinned | Truvis Thornton | Commandline Auditing — Using different tools to security your Linux server and environments. | By default, Linux does not offer or have any commandline auditing or logging, so you never know who did what, where, when and why. But there… | Jul 6, 2023
Truvis Thornton | Microsoft Azure Sentinel 101: Update alert descriptions dynamically without limits — Unlimited… | In this article, we will walk through how to get more metadata and items into the alert description to help your analysis out with what… | 6d ago
Truvis Thornton | Microsoft Azure Sentinel 101: Automatically add TLP (Traffic Light Pattern) to Incidents with logic… | Depending on your environment, you may need to TLP tag all your content, and this walk-through is a good way to do it. I'll only be going… | Jun 13
Truvis Thornton | Microsoft Azure Sentinel 101: Dynamically update and change Alert/Incident Severity — based on… | Depending on how you run your SOC, you may wish to drop Severity to help prevent going over SLAs, especially when an alert is not a threat… | Jun 13
Truvis Thornton | Proxmox Configuration: Change Proxmox Repository to Fix Update Error — TASK ERROR: command apt-get… | Details | Jun 3
Truvis Thornton | How To: Use UFW (Uncomplicated Firewall) and Send the logs to Sentinel and Parse with a function for… | UFW is basically a wrapper around IPTables, so instead of having to remember how to build out IPTables, UFW makes the process simple… | May 18
Truvis Thornton | How to: Parsing AuditD Syslog in Microsoft Sentinel with a function and combining the events by Eve | These are some helpful links on how to understand AuditD and the log format. | May 5