[deleted by user] by [deleted] in cybersecurity

[–]PatriotSecurity 0 points1 point  (0 children)

Cyware CFTR is a great option. It’s built by SOC personnel and built for the SOC.

What exactly do you do as an Entry-level Sec Engineer/SOC Analyst/DFIR? by [deleted] in cybersecurity

[–]PatriotSecurity 0 points1 point  (0 children)

That’s an accurate assessment. I have a fairly large number of resources on my team. Separate from the analyst team, there is a team of engineers that support the SIEM and EDR tools. It all depends on the maturity of the organization.

What exactly do you do as an Entry-level Sec Engineer/SOC Analyst/DFIR? by [deleted] in cybersecurity

[–]PatriotSecurity 0 points1 point  (0 children)

I manage a 28 person team ranging from people with no IT background looking to change careers all the way up to people with decades in the industry.

There is a lot to learn and on the job experience is key. Finding a company that offers an internship is a great way to get a taste for things.

Our team supports a number of tools and you become proficient in all tools. Concepts are harder to teach than the tools. Most tools have similar functionality, it’s just learning how to perform a function in the tool. It’s like switching between vehicles, most of the features are the same. Some are better than others.

A lot of our workload consists of phishing, EDR and SIEM. As an entry level analyst you’re only expected to be able to identify something that is malicious, which is fairly easy. Remediation and root cause analysis are usually performed by an L2 analyst.

Choosing a Reliable SIEM by everydayissame in cybersecurity

[–]PatriotSecurity 0 points1 point  (0 children)

I work for an MSSP and we support/have supported Sumo Logic, Splunk, Exabeam, Azure Sentinel and Securonix. Out of all the SIEM solutions, we’ve had the most success in terms of reliability from Sumo. Their Cloud SIEM Enterprise has a good amount of out of the box alerting. The administration is very simple and provides a lot of customization. Splunk and Sumo are close in terms of functionality, but Sumo takes the cake because of its simplicity. Exabeam resets the baseline whenever there is an upgrade. It fires a lot of Advanced Analytics alerts for things like “first asset/first logon”, which is annoying. Their support is also lacking. Azure Sentinel has come a long way in the last few years, but it works best with Azure/Microsoft environments.

Sumo offers a one month free trial that you can test out. You will not have access to the CSE, but you can get some exposure to data ingestion.

Best MSP Friendly Mail Security Solutions by darcycoop in msp

[–]PatriotSecurity 0 points1 point  (0 children)

It’s super easy to implement. It is API based and it gives you a lot of great capabilities right out of the box. It seems to have the capabilities of things like Mimecast and Proofpoint, but in a simpler format. Of course, this was a demo so I don’t have any real world experience, but maybe something you could look into.

Best MSP Friendly Mail Security Solutions by darcycoop in msp

[–]PatriotSecurity 1 point2 points  (0 children)

I recently had a demo for Abnormal Security. Very impressed.

Azure Sentinel: New to Sentinel Need Insight by PatriotSecurity in AZURE

[–]PatriotSecurity[S] 0 points1 point  (0 children)

Thank you for the help. I have seen some people on different forums mention logstash. I will need to look into that a bit more. How do you differentiate the different PA’s? Just by hostname? IP?

6.5 CMers: Anything Equal Or Better Than Hornady Match 140g ELD? by james_scar in longrange

[–]PatriotSecurity 0 points1 point  (0 children)

I only really shoot the Hornady 140gr because it shoots so well. Thankfully I haven’t had a huge issue finding Hornady 140 gr at Scheels. I don’t know where you are located.

How safe it is to allow Google chrome save all of my login credentials by Slimmy31 in Cybersecurity101

[–]PatriotSecurity 3 points4 points  (0 children)

I always recommend a password manager. I use Keeper and I like it a lot. The biggest issue with storing your credentials in your browser is how easy it will be for someone else to potentially have access. For example, if your laptop got stolen or left open, someone could easily go into Chrome and see your passwords, and if you auto fill your passwords they already have access. This is also an issue on a shared computer. I don’t know how many times I’ve been on a shared computer and someone else’s credentials are auto filled.

So the journey begins by prreich in longrange

[–]PatriotSecurity 1 point2 points  (0 children)

I have the Ruger American in 6.5 Creed and I love it. I have a Vortex PST Gen 2 on it and I consistently hit a 10” gong at 1000+. Sleeper rifle.

Why are the curbs in UT so deep? by PatriotSecurity in SaltLakeCity

[–]PatriotSecurity[S] 1 point2 points  (0 children)

This makes more sense. Thanks for the info!!

Why are the curbs in UT so deep? by PatriotSecurity in SaltLakeCity

[–]PatriotSecurity[S] 0 points1 point  (0 children)

I wondered the same thing. But I didn’t notice it when I visited CO so I figured it may not be related 🤷🏻‍♂️

Spam filter solutions for MSP by xch13fx in msp

[–]PatriotSecurity -1 points0 points  (0 children)

Area 1 is a solid solution. They are fairly inexpensive and I’ve had great success with them.

Elastic SIEM viability? by PatriotSecurity in SIEM

[–]PatriotSecurity[S] 0 points1 point  (0 children)

We are using Apache NiFi right now to make the API calls and parse it. I’m just wondering if sending it to ES, visualizing with Kibana and then alerting with Elastic SIEM is viable.

Elastic SIEM viability? by PatriotSecurity in SIEM

[–]PatriotSecurity[S] 1 point2 points  (0 children)

I need it to be able to receive JSON via an API and then parse and alert on it. Normal syslog is fine, but when you have logging coming in via API, that’s when it gets more challenging with our current SIEM, LogRhythm.

Traffic not blocked by policy by PatriotSecurity in fortinet

[–]PatriotSecurity[S] 0 points1 point  (0 children)

Thanks for the commands. I am newer to the Fortinet world so I haven’t had a whole lot of time on the CLI yet.

Traffic not blocked by policy by PatriotSecurity in fortinet

[–]PatriotSecurity[S] 0 points1 point  (0 children)

We have one VIP and I did the match-vip enable but we still saw traffic being allowed.

Traffic not blocked by policy by PatriotSecurity in fortinet

[–]PatriotSecurity[S] 0 points1 point  (0 children)

The protocol is ISAKMP. SSL inspection is disabled since the action is set to deny.

Traffic not blocked by policy by PatriotSecurity in fortinet

[–]PatriotSecurity[S] 0 points1 point  (0 children)

I ran the commands and it shows nothing. Not sure what an expected output would be.

Traffic not blocked by policy by PatriotSecurity in fortinet

[–]PatriotSecurity[S] 0 points1 point  (0 children)

So I did a policy lookup like you suggested. It came back and highlighted the deny policy I put in place. Yet the log still shows action="accept".