An Elasticsearch Watcher is typically paired with a Kibana Saved Search to identify the events which caused it to fire. This post demonstrates how a Watcher can use the Apache Lucene style query from a Saved Search, ensuring the Watcher remains aligned as the query evolves.
Packet capture on Windows typically requires the installation of a specialised tool. In most cases this tool requires some form of kernel driver. In this post we demonstrate how to capture IP packets on Windows without requiring any extra software or drivers to be installed.
YARA from VirusTotal is a powerful tool that can be used to identify and classify malware. In this post we demonstrate how it can be employed to scan email, in real-time, using the NoSpaceships open-source yaraka project.
Many people are often surprised by the depth of the DNS. In this post we highlight several items not typically learnt about the protocol and its implementations.
In our initial post we demonstrate how the dns-logger from NoSpaceships can be used to capture and feed real-time DNS activity into an Elasticsearch based SIEM.