14 min
Automation and Orchestration
Working with Bro Logs: Queries By Example
Synopsis:
Bro , a powerful network security monitor, which by default
churns out ASCII logs in a easily parseable whitespace separated (column) format
from network traffic, live or PCAP. Because this logs are in the aforementioned
format it makes them very hackable with the standard unix toolset. If you’re an
experienced unix user with ample networking knowledge you probably have all the
know-how to immediately pull useful data from Bro logs. If you’re not familiar
with the stan
3 min
Komand
SOC Series: When to Setup a Security Operations Center
To build a successful security function, you need to coordinate across people,
processes, and technology. And the stakes have never been higher than they are
today when it comes to information security, which is why many businesses are
looking for ways to centralize security operations by way of a security
operations center (SOC)
Check out our Ebook, Presenting Upward: How to Showcase SecOps Metrics that
Matter
15 min
Automation and Orchestration
Nagios Series: Deployment Automation Tips and Tricks
Synopsis:
In this article I will be sharing some ideas that I’ve used from my experiences
that will help streamline and take a lot of the work out of managing a Nagios
deployment. I will go into multiple ways to manage your deployment. As you read
on I will introduce a more complete solution. We will begin with git and cron,
extend that to use subtrees, and then move along to an enterprise deployment
with Puppet and ERB along with the aforementioned tools.
Git:
My philosophy is that just about
5 min
Nexpose
Focusing on Default Accounts - Targeted Analysis With Nexpose
In my last blog post I went in depth on Impact Driven Analysis and Response
, an often-overlooked but very handy
analysis option in Nexpose. Today I'd like to talk about another great option
for analysis - filtering assets based on their discovered vulnerabilities by
Vulnerability Category. We will use Filtered Asset search to take a focused look
at a specific category: Default Account findings.
Default accounts are high significance findings with low e
1 min
IT Ops
Integrating Logentries With .NET The How and Why
A robust logging strategy opens up a world of potential improvements for your
.Net applications through application logging. Application logging provides
valuable insight. Insight that can only benefit your network application stack
since your .Net application is the front line for enhancing your customer’s
experience.
Bringing meaning to all the potential information that your .Net application can
collect is what Logentries does best. Logentries makes getting this valuable
information into y
4 min
Nexpose
Impact Driven Risk Analysis and Response With Nexpose
Today I'd like to highlight an often overlooked but very handy analysis option
in Nexpose - filtering assets based on their discovered vulnerability CVSS
Impact Metrics (Confidentiality, Integrity, Availability).
We will use RealContext tags and Filtered Asset Search to answer the following
questions:
* Are there any Availability Impact findings on High Availability systems? (
i.e. web servers, authentication servers)
* Are there any Confidentiality Impact findings on systems with Highly
6 min
Komand
Building SVG Maps with React
Here at Komand, we needed a way to easily navigate around our workflows. They
have the potential to get complex quickly, as security workflows involve many
intricate steps.
To accomplish this task, we took an SVG approach to render our workflow
dynamically (without dealing with div positioning issues). This gave us the
power of traditional graphics to do a variety of manipulations on sub
components.
In this walkthrough, we will useInteractive SVG Components
4 min
IT Ops
Intrinsically fast: more JVM performance tinkering
I didn’t expect my last post
on JVM perf to
be so well received, so I thought I’d carry on digging into why your code does
(or doesn’t) run fast! Let’s forget about concurrency for now and instead focus
on the executable machine code that the Java Virtual Machine (and particularly
HotSpot) generates.
In Java-land it’s pretty common to hear people mention stuff about ‘warmup
times’, especially in the context of an incendiary micro
7 min
IT Ops
Implementing Self-Describing Log Data Using NodeJS
In my previous article, How to Ensure Self-Describing Log Data using Log4Net
, I showed you
a technique that made structuring your logging information as key-value and
JSON under Log4Net an easier undertaking. In this article I am going to apply
the same concepts to NodeJS. I’ll show you how to make it so that so you can
ensure logging uniformity among all the NodeJS developers in your enterprise
with little to no additional effo
3 min
AppSpider
RESTful Web Services: Security Testing Made Easy (Finally)
AppSpider's got even more Swagger now!
As you may remember, we first launched improved RESTful web services security
testing
last year. Since that time, you have been able to test the REST APIs that have
a Swagger definition file, automatically without capturing proxy traffic. Now,
we have expanded upon that functionality so that AppSpider can automatically
discover Swagger definition files as part of the
3 min
IT Ops
How To: Send Logentries Alerts to BigPanda
Working in customer support we are usually the first to receive feature
requests, integration requests or recommendations. We would then relay this to
our product team. But we often get requests that we can tackle ourselves whether
this may be small coding tasks or account changes. So when we heard a user
wanted to be able to forward their Logentries alerts to BigPanda.io, we made
that happen.
When any issues occur, time to resolution matters. Because Logentries streams
your log data in real-
2 min
Metasploit
Rapid7 Sponsors Tech For Troops Hacking Convention
This is a guest blog by Eliza May Austin, a student at Sheffield Hallam
University in the United Kingdom. We commend Eliza for her involvement in and
commitment to Tech for Troops and we're honored to be able to participate.
In March of 2016, Rapid7 sponsored the first ever Tech For Troops hacking
convention (TFTcon), hosted at Sheffield Hallam University. TFTcon is a hacking
convention specific to ex-military people and its purpose is to bridge the gap
in the information security industry with
4 min
Automation and Orchestration
Nagios Series: DNS Resiliency
Synopsis:
Host operating system resolver libraries are not very good at dealing with an
unreachable nameserver. Even if you specify multiple nameservers in resolv.conf
and one of them goes down you will experience a period where connections will
not be made because resolution is not known. There are a number of resolver
tuning options but even reducing the timeout to 1 second there will result in a
delay. This affects nearly all unix-like operating systems including GNU/Linux.
In this article w
5 min
IT Ops
Raspberry Pi, Logs and IoT - Sending Pi Log and Sensor data to Logentries
In the previous blog post
we learned how
to send IoT data from the TI CC 2650 SensorTag to Logentries using Node-Red and
directly using Linux. This Blog will show how to send data from a Raspberry Pi
device to Logentries
5 min
InsightIDR
5 Methods For Detecting Ransomware Activity
Recently, ransomware was primarily a consumer problem. However, cybercriminals behind recent ransomware attacks have now shifted their focus to businesses.