all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Part 2: Threat Detection Engineering and Incident Response with AuditD and Sentinel — Combine Events by ID with Laurel before sending to Sentinel as JSON.

Add to bookmarks
May 27, 2024, 5:09 p.m. | /u/thattechkitten

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

Continuing our build out, we now switch over to combining our AuditD logs with Laurel to build better detections by having all our information combined in one log event entry.

[https://medium.com/@truvis.thornton/part-2-threat-detection-engineering-and-incident-response-with-auditd-and-sentinel-combine-a3384e1164e6](https://medium.com/@truvis.thornton/part-2-threat-detection-engineering-and-incident-response-with-auditd-and-sentinel-combine-a3384e1164e6)

auditd blueteamsec build detection detection engineering detections engineering entry event events incident incident response information json laurel log logs response sentinel switch threat threat detection threat detection engineering

Visit resource

More from www.reddit.com / For [Blue|Purple] Teams in Cyber Defence

MOVEit Transfer Critical Security Alert Bulletin – June 2024 – (CVE-2024-5806) 11 hours ago | www.reddit.com
alert blueteamsec critical cve +7
8220 Mining Gang's New Tool: k4spreader 1 day, 2 hours ago | www.reddit.com
blueteamsec gang mining tool
CVE-2024–28999 SolarWinds Race Condition 1 day, 3 hours ago | www.reddit.com
blueteamsec cve cve-2024 race +2
Four Members of Notorious Cybercrime Group ‘FIN9’ Charged for Roles in Attacking U.S. Companies 1 day, 9 hours ago | www.reddit.com
blueteamsec charged companies cybercrime +3
Hunting for Credential Dumping Attacks in Modern Windows Environments - Andrew Case [BSides Philly] 2 days, 4 hours ago | www.reddit.com
attacks blueteamsec bsides case +6
GreyNoise Labs - SolarWinds Serv-U (CVE-2024-28995) exploitation: We see you! 3 days, 4 hours ago | www.reddit.com
blueteamsec cve cve-2024 cve-2024-28995 +6
New North Korean based backdoor packs a punch - "The “Safety Manager” job description campaign … 3 days, 10 hours ago | www.reddit.com
backdoor blueteamsec campaign email +11
Snowflake Threat Hunting Guide 3 days, 20 hours ago | www.reddit.com
blueteamsec guide hunting snowflake +2
How much offensive knowledge do blue team need to know? 4 days, 7 hours ago | www.reddit.com
attack attack techniques blogs blue +14

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Technology Specialist I: Windows Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, California
View on infosec-jobs.com

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA
View on infosec-jobs.com

Vice President, Controls Design & Development-7

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Vice President, Controls Design & Development-5

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Data Scientist & AI Prompt Engineer

@ Varonis | Israel
View on infosec-jobs.com

Contractor

@ Birlasoft | INDIA - MUMBAI - BIRLASOFT OFFICE, IN
View on infosec-jobs.com