If you are like me and deploy lots of small instances of VMs all over the place for various functions, you will find applying updates to them all consistently and…
Hardening TheHive4 and Cortex for public deployment
In this post, I talk about hardening TheHive and Cortex for an Internet-accessible deployment. This includes the application of TLS v1.2+ and the configuration of multi-factor authentication. Cortex can be…
[Part 4] Building a Threat Integration and Testing Lab – MISP Threat Intelligence Sharing Platform
MISP is a threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. Within a…
[Part 3] Building a Threat Integration and Testing Lab – Splunk Enterprise
As a bake off for the Threat Lab and Incident Response capabilities, we will also be installing Splunk Enterprise. This will be in the 30 day trial mode, so it…
[Part 2] Building a Threat Integration and Testing Lab – Elastic Cloud Enterprise (On-Premises)
You can potentially use a Cloud-hosted instance of Elastic Cloud Enterprise, however since I am trying to avoid putting this environment on the Internet, I will be building ECE in…
[Part 1] Building a Threat Integration and Testing Lab
For this article and subsequent articles, I will be talking through the installation, configuration, and integration components in building an integrated threat and incident response lab. The primary purpose of…
Security Orchestration with Shuffle.io
For this post I will be talking through the deployment and configuration of Shuffler.io in a self-hosted configuration. Shuffler.io is a Security Orchestration, Automation and Response (SOAR) platform which allows integrations…
Using MISP in an air-gapped environment
MISP works really well in an internet connected environment in gathering and creating correlations. However, in air-gapped environments the ability to query MISP for indicators is still incredibly useful, except…
TheHive 4.1.0 Deployment and Integration with MISP
Every few months, StrangeBee puts out an update to TheHive (Security Incident Response Platform). This month they have added Elasticsearch as an index engine to alleviate issues with using Cassandra,…
Implementing Elastic Cloud and using Elastic Security
Elastic offers a Cloud based solution which would allow a very modest lightweight SIEM to be implemented for around $0.05 AUD/hour (60GB of Index Storage), but this does not include…