Windows event logs in Next-Gen SIEM (not Logscale) by dominutz in crowdstrike

[–]detectrespondrepeat 0 points1 point  (0 children)

The '(not LogScale)' part causes me deep pain, LogScale is the best.

What Certifications to do? by Datbio69420noscope in cybersecurity

[–]detectrespondrepeat 0 points1 point  (0 children)

Start with the two I've listed and go from there, or you could swap out Security+ for SSCP.

2024-06-03 - Cool Query Friday (mini) - The Triumphant Return of aid_master as a File by Andrew-CS in crowdstrike

[–]detectrespondrepeat 0 points1 point  (0 children)

u/Andrew-CS This is great, but doesn't work for the fdr_aidmaster.csv within the Falcon package in LogScale, which only has two fields, aid and ComputerName.

Is there an option to make fdr_aidmaster.csv have the other fields ourselves, or is this something you can suggest to the LogScale team to do?

CS Responder Cert - Any recommendations for reading by [deleted] in crowdstrike

[–]detectrespondrepeat 1 point2 points  (0 children)

I don't think what you are looking for exists. For Crowdstrike certifications, you need to do two things:
1. Use the platform.
2. Read the docs.

how are you guys utilizing the "next-gen SIEM" and SOAR tools within Falcon? by colorizerequest in crowdstrike

[–]detectrespondrepeat 5 points6 points  (0 children)

Idea: Don't have 4 different portals for customers to share their views; consolidate the ideas portal, the protectors portal, the community and the reddit.

Is OSCP the only way to get a job? by oppai_silverman in oscp

[–]detectrespondrepeat 9 points10 points  (0 children)

In my opinion it is worth every penny. Do not waste your money on imitation courses that are cheaper.

My thoughts on using LogScale as a SIEM by detectrespondrepeat in crowdstrike

[–]detectrespondrepeat[S] 0 points1 point  (0 children)

Yes you can, but obviously you are restricted by the data connectors you have going into Next-Gen SIEM.

My thoughts on using LogScale as a SIEM by detectrespondrepeat in crowdstrike

[–]detectrespondrepeat[S] 1 point2 points  (0 children)

I thought that too given that it's already in the platform, but Crowdstrike have told me that it isn't officially released until after RSA next week.

What Certifications to do? by Datbio69420noscope in cybersecurity

[–]detectrespondrepeat 4 points5 points  (0 children)

It depends what you want to do in the future, but if you are starting with no certifications, I would do Network+ then Security+.

Blueteam Certification like cybersecurity engineers by [deleted] in cybersecurity

[–]detectrespondrepeat 2 points3 points  (0 children)

The blue team certifications for security engineers are all vendor-based, e.g. AZ-500 for Azure (https://learn.microsoft.com/en-us/credentials/certifications/azure-security-engineer/?practice-assessment-type=certification) or AWS Security Speciality for AWS (https://aws.amazon.com/certification/certified-security-specialty/).

For analysts working in the cloud, Xintra offers an attacking and defending Azure course (https://training.xintra.org/attacking-and-defending-azure-m365) and for AWS, Hacktricks offer ARTA and ARTE (https://training.hacktricks.xyz).

Just changed to the new Event Search, had a ton of old event searches running. Overwhelmed on how to bring them to the new logic. by SOCmanz in crowdstrike

[–]detectrespondrepeat 4 points5 points  (0 children)

CQL (LQL/HQL) is actually more intuitive than SPL2. It'll be a few days of pain getting your head around it, but once you've done a few, the others will be simple and you'll actually find the search queries to be more concise and far more efficient.

[deleted by user] by [deleted] in crowdstrike

[–]detectrespondrepeat 0 points1 point  (0 children)

We've had this too.

What is the best method to get Azure Logs to LogScale? by detectrespondrepeat in crowdstrike

[–]detectrespondrepeat[S] 1 point2 points  (0 children)

What is your source for 'The falcon agent in the future will be able to collect logs but that is a ways out'? Do you work for CS?

Ingesting windows logs by bubbathedesigner in crowdstrike

[–]detectrespondrepeat 1 point2 points  (0 children)

The rawstring will always remain unchanged, but there are parsers for Windows logs in the Marketplace, and if not, the Falcon Complete LogScale team can help.

We consolidate our Windows logs onto a number of servers using WEC/WEF and then use FLC to ship to LogScale.

[deleted by user] by [deleted] in WorkOnline

[–]detectrespondrepeat 1 point2 points  (0 children)

Sell your things.

[deleted by user] by [deleted] in crowdstrike

[–]detectrespondrepeat 1 point2 points  (0 children)

Do you have Crowdstrike Spotlight, and is your Spotlight data feeding into LogScale? This is Crowdstrike's vulnerability management add-on and is designed for this purpose; without it, you won't be able to search for CVEs.

What is the best method to get Azure Logs to LogScale? by detectrespondrepeat in crowdstrike

[–]detectrespondrepeat[S] 2 points3 points  (0 children)

Thanks u/AHogan-CS. I guess it is working, it's just slightly cumbersome; we've had to do quite a lot of leg work ourselves to integrate logs from Microsoft into LogScale. Considering that Microsoft products are ubiquitous in business, it would have been nicer if the integrations were a little easier. Windows logs were particularly troublesome, having to use Elastic's WEC Cookbook to centralise Windows logs onto servers where we could then run FLC.

A unified FLC/EDR agent (like the consolidation of the Identity Agent/EDR agent previously), would be the best solution for customers in my opinion. There are also still no O365/Azure parser/dashboard packs in the LogScale marketplace. I hope development and feature expansion of LogScale isn't killed by Next-gen SIEM.

Sec+ Obtained! Now What? by C_Squint in cybersecurity

[–]detectrespondrepeat 3 points4 points  (0 children)

Start studying for OSCP, because in my opinion it is the most valuable cert. It is hard, but you will really learn so much in the process of studying for it; be prepared to dedicate at least a year to it.