Tag: Event Logging

AlienVault: Threat Hunting/Network Analysis

In today’s rapidly evolving cybersecurity landscape, proactive detection is more critical than ever. AlienVault Threat Hunting empowers security professionals to identify and investigate suspicious activities across a network before they escalate into serious threats. By leveraging tools like AlienVault OSSIM and Open Threat Exchange (OTX), organizations can uncover hidden indicators of compromise and enhance their […]

AlienVault: OSSEC (IDS) Deployment

In this article, we will discuss the deployment of OSSEC (IDS) agents to the AlienVault server. OSSEC is an open-source, host-based intrusion detection system (commonly called an IDS) that markets itself as the world’s most widely used intrusion detection system; it performs, or helps us perform, monitoring of: network anomalies, log analysis, integrity checking, Windows registry […]

Fast Incident Response and Data Collection

In this article, we will use the quick incident response tools listed below to gather information. All of these tools are among the best available freely online, and through them you can enhance your cyber forensics skills. Table of Content: Live Response Collection (Cedarpelta build), CDIR (Cyber Defense Institute Incident Response) Collector, Fast IR Collector, Panorama […]

Threat Hunting: Velociraptor for Endpoint Monitoring (Part 2)

In our previous article, we covered the Velociraptor master server setup with a brief demonstration of the Velociraptor installation, the GUI interface setup, and some of the forensic artifacts. If you haven’t read it yet, don’t worry: you can visit that article from here. This post continues our deep dive into threat hunting with Velociraptor for […]

Incident Response: Windows Account Logon and Logon Events

When a user authenticates to a Windows endpoint, the system generates an Account Logon event and records it. These account logon events are recorded in the Security event log of the system that is responsible for authenticating the user. In addition, when a user account accesses a resource, the system hosting that resource records a Logon event. Consequently, the […]

Threat Hunting: Velociraptor for Endpoint Monitoring

Velociraptor is a tool for collecting host-based state information using Velocidex Query Language (VQL) queries. To learn more about Velociraptor, read the documentation at https://www.velocidex.com/docs Table of Content: Introduction to Velociraptor, Architecture, What is VQL, Prerequisites, Velociraptor Environment, Velociraptor installation, Addition of host forensics investigation / Threat Hunting, Chrome Hunting, Let’s Begin some Forensics […]

Incident Response: Windows Account Management Event (Part 2)

For a system to perform well and remain maintainable, it is extremely important that administrators monitor and manage the events on it. Administrators use Event Logs, a built-in part of the Windows system, to track events created on a system. Among these, Windows Account Management Events are particularly critical, as they provide insights into user account […]

Incident Response: Windows Account Management Event (Part 1)

To ensure a system performs well and maintains its integrity, it is extremely important to monitor and manage events on that system. Event Logs, which are part of the Windows system, originate from activities on the system; an administrator or any authorized user can therefore check them locally or remotely at regular intervals. Additionally, Windows […]