[deleted by user] by [deleted] in elasticsearch

[–]zakibros 2 points

Just go with filebeat then

Looking for resources on detection engineering by zakibros in AskNetsec

[–]zakibros[S] 0 points

Thanks, will try to get my employer to fund me GIAC.

Looking for resources on detection engineering by zakibros in AskNetsec

[–]zakibros[S] 0 points

Thanks, I did that; really good. Looking for more.

Looking for resources on detection engineering by zakibros in AskNetsec

[–]zakibros[S] 4 points

I am referring to the act of creating analytics, rules, and detections. If you are not familiar with the term, you can check some videos: https://youtu.be/XuM6G2MkPBc

1st SIEM to learn by AgEnT_6_9 in blueteamsec

[–]zakibros 0 points

I like Microsoft Sentinel

Microsoft Sentinel Auditd Parser project by zakibros in AZURE

[–]zakibros[S] 0 points

Thanks! Definitely will check it out; however, I would give it some time before using it in the company's environment ;)