McHughSecurity

Tag: elasticsearch

TheHive 4.1.0 Deployment and Integration with MISP

Posted on March 20, 2021 By A.McHugh
  1. Deploying (and using) TheHive4 [Part 1]
  2. Building TheHive4 (4.0.5) and configuring MISP, Cortex and Webhooks.
  3. Building the Assemblyline Analyzer for TheHive’s Cortex.
  4. TheHive 4.1.0 Deployment and Integration with MISP

Every few months, StrangeBee puts out an update to TheHive (Security Incident Response Platform). This month they have added Elasticsearch as an index engine to alleviate issues with using Cassandra, and they have integrated support for MISP galaxies as well!

Now Incident Responders using TheHive can export IOCs and Galaxy assignment directly from TheHive to MISP.

Build, Digital Forensics & Incident Response

Deploying (and using) TheHive4 [Part 1]

Posted on April 5, 2020 By A.McHugh

I have been an off-and-on user of TheHive for nearly a year now, and it is encouraging to see the development and release of TheHive4 (even if in pre-release). In this post I will walk through the deployment, configuration and migration of TheHive to TheHive4, and what improvements have been implemented in this release.

Build

Threat hunting with Elasticsearch and Kibana (Part 1)

Posted on April 4, 2020 By A.McHugh

As part of my final Masters degree research component I have been collecting data from honeypots which I have seeded around the globe. The objective is to distil this data into organisational threat data for a fictitious business.

Part of the complication I am going to start facing is how to use Elasticsearch and Kibana to find specific information for me in this live data set.

Previously I have indicated that a data set exists which was produced by the Canadian Institute for Cybersecurity, called IDS 2018, which contains Windows Event Logs and PCAP files relating to a set of simulated attacks generated for the purposes of teaching people how to hunt within similar datasets.

Here I will be discussing the deployment, configuration and interaction with this data set to achieve the outcome required.

Digital Forensics & Incident Response, Security Operations, Threat Intelligence

Loading Windows Event Logs to Elasticsearch

Posted on January 13, 2020 By A.McHugh

So whilst playing through an element of Kringlecon 2019 I came across a task which didn’t really suit my Christmas challenge of going to Linux full-time. One such challenge involved a Windows Event Log file with no ready access to a Linux derivative of Event Viewer. My Kali laptop for my Christmas challenge was already…

Digital Forensics & Incident Response, Operate

Copyright © 2022 McHughSecurity.