Posts by Rapid7

14 min Automation and Orchestration

Working with Bro Logs: Queries By Example

Synopsis: Bro [http://bro.org/] is a powerful network security monitor which by default churns out ASCII logs in an easily parseable whitespace-separated (column) format from network traffic, live or PCAP. Because these logs are in that format, they are very hackable with the standard unix toolset. If you’re an experienced unix user with ample networking knowledge you probably have all the know-how to immediately pull useful data from Bro logs. If you’re not familiar with the stan
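As an added illustration of the "hackable with the unix toolset" point (example code written for this page, not taken from the Rapid7 post), the function below resolves column names from a Bro log's `#fields` header so a query can ask for `id.resp_p` rather than hard-coding a column number. Real conn.log files carry more columns than the abbreviated, constructed sample embedded here; the `sample_conn_log` and `top_resp_ports` names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post.
# Extract named columns from a Bro ASCII log by reading its '#fields' header
# line and mapping each field name to its tab-separated column position
# (the same idea bro-cut implements), using only awk.

bro_cut() {
    # usage: bro_cut FIELD [FIELD...] < bro.log
    awk -v want="$*" '
        BEGIN { FS = "\t"; n = split(want, w, " ") }
        /^#fields/ {
            # $1 is the literal "#fields"; $2 names data column 1, and so on
            for (i = 2; i <= NF; i++) idx[$i] = i - 1
            next
        }
        /^#/ { next }          # skip #separator, #types, #open, #close, etc.
        {
            out = ""
            for (k = 1; k <= n; k++) {
                col = idx[w[k]]
                # unknown field names print as "-", the Bro unset marker
                out = out (k > 1 ? "\t" : "") (col ? $col : "-")
            }
            print out
        }'
}

sample_conn_log() {
    # Constructed, abbreviated conn.log for demonstration (not real traffic).
    printf '#separator \\x09\n'
    printf '#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tconn_state\n'
    printf '#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tstring\n'
    printf '1461000000.123456\tCa1\t10.0.0.5\t51234\t93.184.216.34\t443\ttcp\tssl\tSF\n'
    printf '1461000001.223456\tCa2\t10.0.0.7\t51235\t93.184.216.34\t443\ttcp\tssl\tSF\n'
    printf '1461000002.323456\tCa3\t10.0.0.5\t40001\t10.0.0.2\t53\tudp\tdns\tSF\n'
    printf '1461000003.423456\tCa4\t10.0.0.9\t51236\t93.184.216.34\t443\ttcp\tssl\tS0\n'
    printf '1461000004.523456\tCa5\t10.0.0.5\t51237\t10.0.0.3\t22\ttcp\tssh\tRSTO\n'
}

top_resp_ports() {
    # Connection count per responder port, most common first,
    # the classic "what are my hosts talking to" query.
    bro_cut id.resp_p | sort | uniq -c | sort -rn
}

# Stand-alone run: show origin host and responder port, then the port ranking.
sample_conn_log | bro_cut id.orig_h id.resp_p
sample_conn_log | top_resp_ports
```

Because `bro_cut` reads the `#fields` header, the same query keeps working when a site's Bro policy adds or reorders columns, which is exactly where hard-coded `awk '{print $6}'` one-liners silently break.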

3 min Komand

SOC Series: When to Setup a Security Operations Center

To build a successful security function, you need to coordinate across people, processes, and technology. The stakes have never been higher than they are today when it comes to information security, which is why many businesses are looking for ways to centralize security operations by way of a security operations center (SOC) [https://www.rapid7.com/fundamentals/security-operations-center/]. Check out our Ebook, Presenting Upward: How to Showcase SecOps Metrics that Matter [https://www.rapid

15 min Automation and Orchestration

Nagios Series: Deployment Automation Tips and Tricks

Synopsis: In this article I will be sharing some ideas that I’ve used from my experiences that will help streamline and take a lot of the work out of managing a Nagios deployment. I will go into multiple ways to manage your deployment. As you read on I will introduce a more complete solution. We will begin with git and cron, extend that to use subtrees, and then move along to an enterprise deployment with Puppet and ERB along with the aforementioned tools. Git: My philosophy is that just about

1 min IT Ops

Integrating Logentries With .NET The How and Why

A robust logging strategy opens up a world of potential improvements for your .NET applications. Application logging provides valuable insight that can only benefit your network application stack, since your .NET application is the front line for enhancing your customer’s experience. Bringing meaning to all the information that your .NET application can collect is what Logentries does best. Logentries makes getting this valuable information into y

6 min Komand

Building SVG Maps with React

Here at Komand, we needed a way to easily navigate around our workflows. They have the potential to get complex quickly, as security workflows involve many intricate steps. To accomplish this task, we took an SVG approach to render our workflow dynamically (without dealing with div positioning issues). This gave us the power of traditional graphics to do a variety of manipulations on sub-components. In this walkthrough, we will use Interactive SVG Components [http://www.petercollingridge.co.u

4 min IT Ops

Intrinsically fast: more JVM performance tinkering

I didn’t expect my last post [/2016/03/14/a-point-of-contention-cache-coherence-on-the-jvm/] on JVM perf to be so well received, so I thought I’d carry on digging into why your code does (or doesn’t) run fast! Let’s forget about concurrency for now and instead focus on the executable machine code that the Java Virtual Machine (and particularly HotSpot) generates. In Java-land it’s pretty common to hear people mention stuff about ‘warmup times’, especially in the context of an incendiary micro

7 min IT Ops

Implementing Self-Describing Log Data Using NodeJS

In my previous article, How to Ensure Self-Describing Log Data using Log4Net [/2016/04/how-to-ensure-self-describing-log-data-using-log4net/], I showed you a technique that made structuring your logging information as key-value and JSON under Log4Net an easier undertaking. In this article I am going to apply the same concepts to NodeJS. I’ll show you how to make it so that you can ensure logging uniformity among all the NodeJS developers in your enterprise with little to no additional effo

3 min IT Ops

How To: Send Logentries Alerts to BigPanda

Working in customer support, we are usually the first to receive feature requests, integration requests or recommendations, which we then relay to our product team. But we often get requests that we can tackle ourselves, whether these are small coding tasks or account changes. So when we heard a user wanted to be able to forward their Logentries alerts to BigPanda.io, we made that happen. When any issues occur, time to resolution matters. Because Logentries streams your log data in real-

4 min Automation and Orchestration

Nagios Series: DNS Resiliency

Synopsis: Host operating system resolver libraries are not very good at dealing with an unreachable nameserver. Even if you specify multiple nameservers in resolv.conf and one of them goes down, you will experience a period where connections are not made because names cannot be resolved. There are a number of resolver tuning options, but even reducing the timeout to 1 second there will still be a delay. This affects nearly all unix-like operating systems, including GNU/Linux. In this article w

5 min IT Ops

Raspberry Pi, Logs and IoT - Sending Pi Log and Sensor data to Logentries

In the previous blog post [/2016/02/iot-made-real-using-ti-sensortag-data-with-logentries/] we learned how to send IoT data from the TI CC2650 SensorTag to Logentries using Node-RED and directly from Linux. This post will show how to send data from a Raspberry Pi device to Logentries [https://logentries.com/centralize-log-data-automatically/?le_trial=raspberry_pi-logentries_blog-post_cta-create_trial&utm_campaign=raspberry_pi&utm_source=logentries_blog&utm_medium=post_cta&utm_content=create_

4 min IT Ops

A Query Language for Your Logs

Application logging is the software world’s version of archeology. At runtime, your application lives in a rich, colorful, 3-dimensional world of flowing aqueducts, packed coliseums, and bustling streets. There’s more going on than can possibly be captured. When you’re trying to reproduce and correct a reported issue, you play archeologist. The vibrant, live world is gone, and you’re left to piece reality back together using only decorated pots, spearheads, and fragments of frescoes. In oth

4 min Komand

The SOC of the Future: Predictions from the Front Line

There is no perfect security operations center, and I say that having worked at one in the past [/2016/05/03/6-lessons-i-learned-from-working-in-a-soc/] and collaborated with many others since then. That said, as an industry, we are always evolving and improving. Recently, I shared 6 lessons learned while working in a SOC [/2016/05/03/6-lessons-i-learned-from-working-in-a-soc/], and today I want to talk about where we at Komand believe the SOC is heading in the future and why. Here are seven pr

6 min IT Ops

Integrating the Logentries Javascript Library With React

React.js has proven itself a powerful contender in the world of Javascript frameworks. Arguably, it has become one of a handful of libraries that all web developers should consider for current or upcoming projects. Understanding how it integrates with other libraries in your technology stack is an important part of that consideration. If you currently use, or are considering using Logentries [https://logentries.com/centralize-log-data-automatically/?le_trial=react-logentries_blog-post_cta-crea

6 min Automation and Orchestration

Introduction to osquery for Threat Detection and DFIR

What is osquery? osquery is an open source tool created by Facebook [https://github.com/facebook/osquery] for querying various information about the state of your machines. This includes information like: * Running processes * Kernel modules loaded * Active user accounts * Active network connections And much more! osquery lets you express system queries as SQL statements, making it easy to use for security engineers who are already familiar with SQL. osquery is a flexible tool

6 min IT Ops

Queuing tasks with Redis

Overview As stated on its official homepage [http://redis.io/], Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker. A little about what Redis can do: it supports data structures such as strings [http://redis.io/topics/data-types-intro#strings], hashes [http://redis.io/topics/data-types-intro#hashes], lists [http://redis.io/topics/data-types-intro#lists], sets [http://redis.io/topics/data-types-intro#sets], sorted sets [http:/