Posts by Rapid7

5 min IT Ops

Get your work done even faster with the Logentries REST API

Now you can get your work done even faster by automating tasks with the Logentries REST API. With the ability to programmatically query data, manage users, create alerts and integrate third party tools, it’s now easier to finish the job and get on with your day. Table of contents * Query API- Example Usage * Team and User Management API- Example Usage * Tags and Alerts API- Example Usage * LeExportPy- Read More * LeCLI- Read More On-demand Webinar Interested in learning more about the

4 min Automation and Orchestration

Secure Password Storage in Web Apps

Synopsis We like writing web applications. Increasingly, software that might have once run as a desktop application now runs on the web. So how do we properly authenticate users in web contexts? Passwords, of course! Let’s look at how to handle password authentication on the web. What not to do It’s very tempting to use plaintext authentication for web applications. Let’s whip up a quick python web server that we’ll use to test authentication. Let’s say we want to provide access to magic number

5 min Komand

5 Reasons Companies Are Losing Security Talent (And What to Do)

It’s hard enough finding security talent, but losing the talent you already have can be a particularly painful blow. That’s why we’ve put together a quick guide to help you: * Address some of the underlying causes of attrition * Increase retention of your security talent * Solve the security gap at your organization Here are five common talent-retention challenges and how to address them head-on. Challenge #1: Constrained Budgets and Disproportionate Strategy According to Kaspersky Labs, 8

5 min Komand

Filtering and Automated Decisions with PEG.js and React-Mentions

Here at Komand, we needed an intuitive way to filter data from a trigger step.  When automating security operations and processes, sometimes you don’t want a workflow to start on every trigger.  Splunk logs may be firing off millions of events, but running a workflow for each one may not really be what you need.  If we were to set up a privilege escalation rule in Sysdig Falco and index it in Splunk, we would want to run a specific workflow for that rule, but a separate workflow for detecting SQ

5 min IT Ops

Hashing Infrastructures

Engineers in fast moving, medium to large scale infrastructures in the cloud are often faced with the challenge of bringing up systems in a repeatable, fast and scalable way. There are currently tools which aid engineers in accomplishing this task e.g. Convection, Terraform, Saltstack, Chef, Ansible, Docker. Once the system is brought up there is a maintenance challenge of continually deploying and destroying the resources. What if we can hash the inputs for describing an infrastructure, where

3 min Komand

Defining the Roles & Responsibilities of Your Security Team

Muddling together security responsibilities often leads to tasks falling through the cracks. Instead, organizations should be as clear as possible about which member of the security staff is responsible for which tasks. Moreover, the division of those tasks should reflect the unique capabilities and strengths of each team member. For instance, SOC personnel should be given tasks that require immediate attention, such as alert handling and incident response. Security engineers, on the other hand

3 min Komand

Does Security Automation Mean SOC Employees Will Be Obsolete?

Telephones, computers, and robots all have one thing in common: People thought they’d replace the need for human input, putting us all out of a job. On the contrary, these technologies were widely embraced once the public realized what their true purpose was: to automate tedious work and enable us to do things we actually enjoy doing, and faster, too. The same benefits apply to security operations, and this is a great thing for security operations centers (SOCs) [https://www.rapid7.com/fundament

3 min IT Ops

4 Potential Security Issues Raised By Pokémon Go

Pokémon Go is a phenomenon. The game is objectively a success and has been breaking mobile gaming records almost weekly. The game’s current success is without being open in some significant markets and it shows no signs of slowing. It is important to remind players to take measures to protect your company’s interests when playing. Pokémon Go is an Augmented Reality game. Players see the game’s fictional world on top of everyday reality. Augmented Reality manifests in several ways: from import

3 min Komand

A Framework for Selecting and Implementing Security Tools Today

Security products are often purchased to either mark a compliance checkbox, have the newest, shiniest tool on the market, or because of a great vendor pitch, but those reasons don’t support a strategic approach to security posture. With so many technologies out there today, we put together a simple and straightforward framework you can use to make signal out of noise and select the technology that fits your unique needs. 1. Hire People First A big misstep that many organizations make is pickin

10 min Komand

Building a Simple CLI Tool with Golang

Go offers a simple way to build command-line tools using only standard libraries. So I put together a step-by-step example to help walk you through the process. To write a Go program, you’ll need Go setup up on your computer [https://golang.org/doc/install]. If you’re not familiar with Go and want to spend a little extra time learning, you can take the Go tour [https://tour.golang.org/welcome/1] to get started! In this example, we’ll create a command-line tool called stringparse, that will cou

4 min Automation and Orchestration

Bro Series: The Programming Language

Synopsis: Bro [https://www.bro.org/]is a network security monitoring platform. The reason for calling it a platform is due to the fact that Bro is a domain specific programming language and a collection of tools and APIs. Together, they comprise a platform for network monitoring. In this article, we will attempt to solidify the fact that Bro is a language by using it as such. Data Types The Bro scripting language supports the following built-in types [https://www.bro.org/sphinx/script-reference

1 min IT Ops

Integrating Logentries with OpsGenie: 3 Easy Steps

Real-time alerts [https://logentries.com/product/alerting-and-reporting/] are only as good as their ability to successfully reach their intended audience. If an alert recipient only checks email once every several hours, email alerts would not be well suited for real-time notification. It’s for this reason that Logentries makes it easy to integrate with popular 3rd party tools that DevOps professionals are already using, including Slack [https://docs.logentries.com/docs/partner-notifications#

8 min Komand

Defender Spotlight: April C. Wright of Verizon Enterprise Services

Welcome to Defender Spotlight! In this weekly blog series, we interview cybersecurity defenders of all varieties about their experience working in security operations. We’ll inquire about their favorite tools, and ask advice on security topics, trends, and other know-how._ Today, we're talking with April Wright. She is currently working for Verizon Enterprise Services as a Security Program Lead, and is a fellow lover of security defenses. April is devoted to teaching, creating, learning, and he

4 min IT Ops

Exporting Logentries data with Leexportpy

Leexportpy, the Logentries utility that exports your log data to 3rd parties, has built-in support for various services such as Kafka, Geckoboard and Hosted Graphite. Without any modification to the current code, you can use these services to extract your Logentries data. To begin, make sure your read-write or read-only API key is correctly placed in the LE section of your configuration file as shown below. Also make sure you have read the first blog post of this series. [/2016/07/introductio

7 min IT Ops

What exactly is an Event-loop?

“The price of reliability is the pursuit of the utmost simplicity” – C.A.R Hoare Rather than doing another all-out performance post, I’ll look at some aspects of asynchronous I/O today instead: what it is at a high level, what it isn’t and why you would use it. There aren’t many aspects of programming today that are as saturated with buzzwords and misinformation as asynchronous IO and some of the frameworks which build on top of this. If you work with server code which has to handle a nontri