How to Suppress Microsoft Sentinel Log Ingestion
You may want to filter the logs collected, or even their content, before the data is ingested into Microsoft Sentinel. For example, you may want to filter out logs that…
Cisco DUO Connector Issue in Microsoft Sentinel
It is not that easy to deploy a built-in Sentinel connector to your Sentinel environment.
Azure Sentinel Onboarding All Kinds Of Log Sources
After you onboard Microsoft Sentinel into your workspace, use data connectors to start ingesting your data into Microsoft Sentinel. Microsoft Sentinel comes with many out-of-the-box connectors for…
Azure Sentinel Log Query Scripts Collection (Kusto Query Language)
Kusto Query Language is the language you will use to work with and manipulate data in Microsoft Sentinel. The logs you feed into your workspace aren't worth much if you…
Basic Knowledge about Azure Sentinel (Price, Log, Connectors, T.I., Analytics Rules, KQL)
This post summarizes the basic knowledge you need to start using Azure Sentinel as fast as possible.
AlienVault Installation and Configuration
AlienVault® OSSIM™ (Open Source Security Information and Event Management) is an open source SIEM solution that collects, normalizes and correlates security events. Open Source SIEM (AlienVault OSSIM) addresses this…
Gartner Magic Quadrant for SIEM Products (2010-2020)
Gartner defines SIEM as a technology that aggregates data produced by security devices, network infrastructure and systems, and applications. Products in the security information and event management (SIEM) market analyze…
LogRhythm Remote Windows Log Collection Integration with Symantec SEPM MS SQL DB
This post describes how to configure the LogRhythm Agent to collect Symantec SEPM logs through the MS SQL DB. Method 1 – Syslog Forwarding 1 This is the traditional way to forward…
Forward System and App logs to Papertrail – Cloud Log Management
Papertrail is part of SolarWinds Cloud™, the next evolution of our Software-as-a-Service (SaaS) portfolio for monitoring cloud-native applications and infrastructure. It provides a free plan with the following features or…
SIEM System Use Cases
Working on a LogRhythm – Cloud SIEM project. LogRhythm's SIEM solution combines enterprise log management, security analytics, user and entity behavior analytics (UEBA), network traffic and behavior analytics (NTBA) and security…