all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Parsing and sending in OPNSense Syslog, Suricata, and Firewall logs to Splunk and Microsoft Sentinel for threat hunting and DFIR

Add to bookmarks
July 11, 2023, 1:58 p.m. | /u/thattechkitten

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

Using all free applications to send in OPNSense Syslog, Suricata, and Firewall logs into CRIBL Stream to reduce log size for cost reduction and then sending to Sentinel and Splunk



https://medium.com/@truvis.thornton/sending-opnsense-firewall-logs-into-cribl-stream-with-geo-ip-tagging-with-log-source-splitting-99dc6a057eaa

applications blueteamsec cost cribl dfir firewall free hunting log logs microsoft microsoft sentinel opnsense parsing send sentinel size splunk stream suricata syslog threat threat hunting

Visit resource

More from www.reddit.com / For [Blue|Purple] Teams in Cyber Defence

hunt_arcanedoor_ips.csv: Full IP list to check against your ASA/Flow logs for the ArcaneDoor Cisco ASA … 20 hours ago | www.reddit.com
arcanedoor asa blueteamsec check +8
CVE-2024-21111 - Local Privilege Escalation in Oracle VirtualBox 22 hours ago | www.reddit.com
blueteamsec cve cve-2024 escalation +7
How I hacked into Google’s internal corporate assets [tl;dr: dependency confusion] 1 day, 1 hour ago | www.reddit.com
assets blueteamsec corporate dependency +4
here's my blog on Phishing Email Investigation: A Step-by-Step Analysis 1 day, 5 hours ago | www.reddit.com
analysis blog blueteamsec email +2
(The) Postman Carries Lots of Secrets - "We estimate over 4,000 live credentials are currently … 1 day, 9 hours ago | www.reddit.com
blueteamsec cloud credentials live +4
Botconf 2024 videos 1 day, 9 hours ago | www.reddit.com
blueteamsec botconf videos
Hunting for a Sliver in a haystack 1 day, 22 hours ago | www.reddit.com
blueteamsec haystack hunting sliver
Nation-State Threat Actors Renew Publications to npm 2 days, 3 hours ago | www.reddit.com
blueteamsec nation npm publications +3
Guidance for Incident Responders 2 days, 6 hours ago | www.reddit.com
blueteamsec guidance incident incident responders

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Principal Security Analyst - Threat Labs (Position located in India) (Remote)

@ KnowBe4, Inc. | Kochi, India
View on infosec-jobs.com

Cyber Security - Cloud Security and Security Architecture - Manager - Multiple Positions - 1500860

@ EY | Dallas, TX, US, 75219
View on infosec-jobs.com

Enterprise Security Architect (Intermediate)

@ Federal Reserve System | Remote - Virginia
View on infosec-jobs.com

Engineering -- Tech Risk -- Global Cyber Defense & Intelligence -- Associate -- Dallas

@ Goldman Sachs | Dallas, Texas, United States
View on infosec-jobs.com

Vulnerability Management Team Lead - North Central region (Remote)

@ GuidePoint Security LLC | Remote in the United States
View on infosec-jobs.com
View more jobs