Installing Custom FlexConnector for the Exchange Admin Audit Logs

Intro In one of my previous posts I went on a bit of a ramble about how bad the standard ArcSight PowerShell Exchange connector is. Recently I have found out that it does not always pull all the admin audit...

Getting MS Exchange Admin Logs details with the custom PS script

Intro So here is the story: MS Exchange is one of the most popular platforms for corporate email messaging. However, it is not easy to get audit logs out of it. Now, as you may know, Exchange has several logs...

Developing custom ArcSight parser for the Sysmon logs

Today’s threat landscape demands collecting logs from all Windows endpoints. The cheapest way at the moment is via Windows Event Forwarding (WEF). In particular, it is possible to improve threat hunting in your organization with the help of the...

ArcSight - Basic CheckPoint Rule Pack Pt.3

CheckPoint Firewall Correlation Rule Pack - Part 3. The last two posts were all about admin events: logged-in admins, their activities and the number of events per hour. In this final part of the basic monitoring rule pack we will...

ArcSight - Basic CheckPoint Rule Pack Pt.2

CheckPoint Firewall Correlation Rule Pack - Part 1. So in the previous post we covered the first part of our basic firewall monitoring dashboard, showing us the overall Firewall Events Trend. This time we will proceed and add two more...