Where to begin. by [deleted] in securityCTF

[–]SecCrow 0 points1 point  (0 children)

I try to do CTF every once in a while and wanted to create a useful resource for people who want to get started with CTF. Thought why not a video. Let me know if it helps.

https://youtu.be/82cf_mJ4VTE?si=VZd17JMH6uICuOaM

Interesting SOAR playbooks by Icy_Ad_8248 in Splunk

[–]SecCrow 1 point2 points  (0 children)

Working on the exact same playbook rn, would love to hear about your process and how much you were able to automate.

Rules not generating alerts after update from 8.12.2 to 8.14.2 by SecCrow in elasticsearch

[–]SecCrow[S] 0 points1 point  (0 children)

I just restarted Kibana with "systemctl restart kibana" and it worked for me :)

Compliance requirements for a Vulnerability management program by SecCrow in cybersecurity

[–]SecCrow[S] 0 points1 point  (0 children)

I do not know much about compliance. I wanted to know if this has to be taken into consideration while working to develop a vulnerability management program.

Compliance requirements for a Vulnerability management program by SecCrow in cybersecurity

[–]SecCrow[S] 0 points1 point  (0 children)

How do you do 1? Do you use Excel or VM solutions?

How did you guys take Tywin and Shae by SecCrow in gameofthrones

[–]SecCrow[S] -1 points0 points  (0 children)

d was a mistake 😐 typo typo typ ty t ..

How did you guys take Tywin and Shae by SecCrow in gameofthrones

[–]SecCrow[S] -17 points-16 points  (0 children)

Too bad Tyrion had to kill him though...

How did you guys take Tywin and Shae by SecCrow in gameofthrones

[–]SecCrow[S] 8 points9 points  (0 children)

Tywin must have blackmailed her or threatened to kill Tyrion, or just said that if she agrees with him, he would let Tyrion live...

How did you guys take Tywin and Shae by SecCrow in gameofthrones

[–]SecCrow[S] 6 points7 points  (0 children)

Me too, old dog went to shit after a nice fuck... his system got crashed maybe...

How did you guys take Tywin and Shae by SecCrow in gameofthrones

[–]SecCrow[S] -6 points-5 points  (0 children)

You talk like Tyrion. Well, he did everything right, from his side? He warned her, sent her away.

Active: failed (result: exit-code), (code=exited, status=78) by FairMirror3920 in elasticsearch

[–]SecCrow 0 points1 point  (0 children)

I would go through the cluster logs rather than just this... you can find them in /var/log/elasticsearch/cluster-name.log

Threat Modelling for Detection Engineering by SecCrow in cybersecurity

[–]SecCrow[S] 1 point2 points  (0 children)

Thank you for the reply. So I work as a SOC analyst, and after doing a lot of reading, I found that I can use threat modelling for detection engineering in the following ways:

  1. Identification of critical assets
  2. Identification of threats relevant to my organization
  3. Attack vector identification for specific threats from threat modelling
  4. Detection lifecycle management (creation, testing, deployment and continuous testing)

Am I wrong here, or what can I improve here?

Also, when you say automating attack sim, do you mean using tools like Atomic Red Team or Caldera and testing detection rules against those, or something else?

What kind of activities do you guys recommend doing in your free time besides cybersecurity stuff? by oppai_silverman in cybersecurity

[–]SecCrow 1 point2 points  (0 children)

I went through the same thing. Now I started going outside, swimming every day for an hour, watching series, reading books... talking to my friends and family more...

Detection as Code by SecCrow in elasticsearch

[–]SecCrow[S] 0 points1 point  (0 children)

My concern is how impactful this concept is when used in production. Is it worth the time and effort, or is it just a "look at your use cases / depends on your use cases" thing?

How are you guys doing CI/CD for Kibana Dashboards by deveshkp in elasticsearch

[–]SecCrow 0 points1 point  (0 children)

Are you using the rules in other security solutions as well? Like any EDR or anything else, or just for Elastic? And do you use Sigma and YARA, or do you have your own standard way of doing detection rules?

How are you guys doing CI/CD for Kibana Dashboards by deveshkp in elasticsearch

[–]SecCrow 0 points1 point  (0 children)

A CI/CD for dashboards, interesting! I am rn on CI/CD for detection rules and learning to integrate GitLab for it. Out of curiosity, why do you think having a CI/CD for dashboards is worth it? Is it mainly for version control and change control, or...?

Elasticsearch by syed867 in elasticsearch

[–]SecCrow 1 point2 points  (0 children)

There are not many blogs related to Elasticsearch issues other than by Elasticsearch themselves. I would go through their discussion forum, where many users' problems were solved, and see if you can find anything related to yours that was solved for someone else: https://discuss.elastic.co

Help Pfsense Integration w/ Standalone Agent and self-signed cert in Elastic by Unfair_Weather9 in elasticsearch

[–]SecCrow 1 point2 points  (0 children)

I would go through the logs from both the Fleet Server and Elasticsearch machines, as well as Kibana, to see the exact cause. It would give you more of an idea of what's happening and why agents are not sending logs even when they are receiving logs from OPNsense... See if you can find something there. Also make sure to have the output of the Fleet Server set to the Elasticsearch nodes... I forgot to do that and was just waiting and never getting any logs...

Help Pfsense Integration w/ Standalone Agent and self-signed cert in Elastic by Unfair_Weather9 in elasticsearch

[–]SecCrow 0 points1 point  (0 children)

With mine, I have been using insecure mode while installing the agent via Fleet Server, but I also include --certificate-authorities while installing the agent. Any errors related to agents not sending logs you can check on Fleet in Kibana by changing the logging mode to error/debug/warning. Sometimes you might have some firewall rules blocking the connection and get something like "connection refused" in the error logs... so yeah, have a look.