5 min
Automation and Orchestration
How to Install and Use PSAD IDS on Ubuntu Linux
Synopsis
PSAD, also known as Port Scan Attack Detector, is a collection of lightweight system daemons that run on Linux systems and analyze iptables log messages to detect port scans and other suspicious traffic. PSAD is used to change an Intrusion Detection System into an Intrusion Prevention System. PSAD uses Snort rules for the detection of intrusion events. It is specially designed to work with Linux iptables/firewalld to detect suspicious traffic such as port scans, backdoors and botnet comman
4 min
Automation and Orchestration
How to Install and Configure Bro on Ubuntu Linux
Synopsis
Bro is a free, open source, Unix-based network analysis framework started by Vern Paxson.
Bro provides a comprehensive platform for collecting network measurements, conducting forensic investigations and traffic baselining. Bro comes with a powerful analysis engine, which makes it a powerful intrusion detection system and network analysis framework.
Bro comes with a powerful set of features; some of them are listed below:
* Runs on commodity hardware and supports Linux, FreeBSD and MacOS.
4 min
Automation and Orchestration
Information Security Risk Management - Introduction
Synopsis
Information security risk management is a wide topic, with many notions, processes, and technologies that are often confused with each other.
Very often technical solutions (cybersecurity products) are presented as “risk management” solutions without process-related context.
Modern cybersecurity risk management is not possible without
4 min
Automation and Orchestration
Information Security Risk Management - Tiered Approach of NIST SP 800-39
Synopsis
Information security risk management is a wide topic, with many notions, processes, and technologies that are often confused with each other.
In this series of articles, I explain notions and describe processes related to risk management. I also review NIST and ISO standards related to information security risk management.
In the previous article
4 min
Automation and Orchestration
Information Security Risk Management Cycle - Context Establishment Phase
Synopsis
Information security risk management is a wide topic, with many notions, processes, and technologies that are often confused with each other.
In this series of articles, I explain notions and describe processes related to risk management. I also review NIST and ISO standards related to information security risk management.
In the previous article, I reviewed the tiered risk management approach described in NIS
5 min
Automation and Orchestration
The Effective Components of Security Orchestration
It’s one thing to have a plan for security orchestration, but it’s another to get it up and running and use it to its full potential.
At this point, most security professionals know that security orchestration and automation are a “need to have,” not a “nice to have,” but to fully leverage security orchestration, there are a few considerations that will help yo
6 min
InsightOps
What is BDD Testing: Practical Examples of Behavior Driven Development Testing
The Need for Behavior Driven Development (BDD) Testing Tools
It should come as no surprise to learn that testing is at the heart of our
engineers' daily activities. Testing is intrinsic to our development process,
both in practical terms and in our thinking. Our engineers work with complex
systems that are made up of complex components. Individual components may have
many external dependencies.
When testing, the scope of what is to be tested is important – it can be system
wide, focused on a p
5 min
InsightOps
5 Ways to Use Log Data to Analyze System Performance
Analyzing System Performance Using Log Data
Recently we examined some of the most common behaviors that our community of
25,000 users looked for in their logs, with a particular focus on web server
logs. In fact, our research identified the top 15 web server tags and alerts
created by our customers—you can read more about these in our
https://logentries.com/doc/community-insights/ section—and you can also easily
create tags or alerts based on the patterns to identify these behaviors in your
sys
2 min
Metasploit
Metasploit Wrapup: June 16, 2017
A fresh, new UAC bypass module for Windows 10!
Leveraging the behavior of fodhelper.exe and a writable registry key as a normal user, you too can be admin! Unpatched as of last week, this bypass module works on Windows 10 only, but it works like a charm!
Reach out and allocate something
This release offers up a fresh denial/degradation of services exploit against
hosts running a vulnerable version of rpcbind. Specifically, you can repea
4 min
Microsoft
Announcing Microsoft Azure Asset Discovery in InsightVM
Almost every security or IT practitioner is familiar with the ascent and continued dominance of Amazon Web Services (AWS). But you only need to peel back a layer or two to find Microsoft Azure growing its own market share and establishing its position as the most-used, most-likely-to-renew
4 min
Public Policy
Rapid7 issues comments on NAFTA renegotiation
In April 2017, President Trump issued an executive order directing a review of all trade agreements. This process is now underway: The United States Trade Representative (USTR) – the nation's lead trade agreement negotiator – formally requested public input on objectives for the renegotiation of the North American Free Trade Agreement (NAFTA). NAFTA is a trade agreement between the US, Canada, and Mexico, that covers a huge range of topics, fr
4 min
Application Security
What Is User Enumeration?
User enumeration is when a malicious actor can use brute-force to either guess or confirm valid users in a system.
2 min
Vulnerability Disclosure
R7-2017-16 | CVE-2017-5244: Lack of CSRF protection for stopping tasks in Metasploit Pro, Express, and Community editions (FIXED)
Summary
A vulnerability in Metasploit Pro, Express, and Community was patched in Metasploit v4.14.0 (Update 2017061301).
Routes used to stop running tasks (either particular ones or all tasks) allowed
GET requests. Only POST requests should have been allowed, as the stop/stop_all
routes change the state of the service. This could have allowed an attacker to
stop currently-running Metasploit tasks by getting an authenti
2 min
Microsoft
Patch Tuesday - June 2017
This month sees another spate of critical fixes from Microsoft, including patches for a number of Remote Code Execution (RCE) vulnerabilities. Two of these are already known to be exploited in the wild (CVE-2017-8543 and CVE-2017-8464
3 min
Automation and Orchestration
Will Investing in Security Orchestration Make Your SIEM Obsolete?
As more companies continue to adopt security orchestration, many are now wondering if their security information and event management (SIEM) systems will soon become obsolete.
Security teams use SIEMs to manage and correlate alerts from detection tools
with other data and logs. While SIEMs help to corral alerts and log data, they
often don’t do much in the way of reducing alerts or investigatory tasks after
an alert comes in.
Security teams have many