Elastic Detection Rule Development: Disable Windows Event and Security Logs > How I took an issue created by another GitHub user, added value to the original query, and helped mold it into a new detection By Austin Songer 25 Jun 2021
Elastic Elastic Detection Rule Development: Suspicious Exchange Mailbox Right Delegation You first begin by looking up API or PowerShell cmdlets that will help assign permissions to a specific mailbox. So for this rule of detecting By Austin Songer 22 Jun 2021
Elastic How to Install & Register Wazuh Agent on Windows and Linux (Debian-Based) DEBIAN Install Wazuh Agent curl -so wazuh-agent.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.1.5-1_amd64.deb By Austin Songer 17 Jun 2021
Docker Install and Configure Elasticsearch, Logstash, Kibana on Docker This tutorial shows how to install the ELK stack in Docker containers Install Docker on Debian-Based Distributions apt update apt install apt-transport-https ca-certificates curl software-properties-common -y echo By Austin Songer 21 Apr 2021
Elastic Install and Configure Nginx for Elasticsearch, Logstash, Kibana > This tutorial will go over how to install and configure Nginx for ELK stack. Install Nginx Adding HTTPS support. sudo apt-get install -y nginx apache2-utils By Austin Songer 17 Apr 2021
Wazuh Install and Configure Wazuh Agent: Windows Step 1 - Deploy a Windows Wazuh Agent > Copy and Paste the Enrollment Command Step 2 - Open Windows Terminal > Open a PowerShell Tab Step By Austin Songer 28 Mar 2021
Elastic Elastic Security: Bulk Detection Rule Modification via Detection API - JIRA Connector Thanks to James Spiteri at Elastic. Requirements Depending on the flavor of your Linux distribution: jq * jq 1.5 is in the official Debian and Ubuntu By Austin Songer 26 Mar 2021
Ubuntu How to Install ELK on Ubuntu 20.04 Elasticsearch, Logstash, Kibana (ELK) allows for managing large amounts of log data on Ubuntu 20.04 Focal Fossa. The ELK stack combines Elasticsearch, Logstash, and By Austin Songer 21 Mar 2021
Elastic Elasticsearch: Shard List Elasticsearch's cat API is something that you will use a lot when learning about Elasticsearch and gaining hands-on experience with it. It allows By Austin Songer 20 Mar 2021
azure Elasticsearch Snapshots with Azure Part 4: Create Elastic Snapshot Policy Elasticsearch Snapshot Policy * schedule: What frequency and time to snapshot our data. You can make this as frequent as you require, without worrying too much By Austin Songer 5 Feb 2021
azure Elasticsearch Snapshots with Azure Part 3: Create Elastic Snapshot Repository Step 1 - Click on Menu Step 2 - Stack Management Step 3 - Snapshot and Restore Step 4 - Repositories Step 5 - Register By Austin Songer 5 Feb 2021
azure Elasticsearch Snapshots with Azure Part 2: Adding Azure Secrets to Elastic Cloud > This assumes that the elastic instance is created in Azure. Step 1 - Elastic Cloud Dashboard > Click on the deployment that you made Step 2 By Austin Songer 5 Feb 2021
azure Elasticsearch Snapshots with Azure Part 1: Setting Up Azure Blob An Elastic snapshot is a backup copy of a running Elasticsearch cluster. This snapshot can be of an entire cluster or of specific indices and data By Austin Songer 5 Feb 2021
Elastic Wazuh: No ElasticSearch Template Failed to connect to localhost port 9200 austin@wazuh2:~$ sudo curl https://raw.githubusercontent.com/wazuh/wazuh/v3.10.2/extensions/elasticsearch/7.x/wazuh-template. By Austin Songer 4 Nov 2019