Discover and read the best of Twitter Threads about #evebox
Most recents (1)
(1/of a few) Doing some training #threathunting runs with #suricata -with pcap from bit.ly/3jNUCyw
Fun fact: Alerts count only for 8% of the total logs produced - we also have protocol logs like Flow records, KRB5, SMB, DNS, TLS, HTTP, DCERPC,Fileinfo
Fun fact: Alerts count only for 8% of the total logs produced - we also have protocol logs like Flow records, KRB5, SMB, DNS, TLS, HTTP, DCERPC,Fileinfo
(2/of a few)
Just as regular protocol and flow logging of #Suricata gives us:
633 FLOW logs
295 HTTP logs
182 TLS logs
130 DNS logs
114 SMB logs
90 DCERPC logs
66 FILEINFO logs
23 KRB5 logs
2 NTP logs
Let's see some examples of the generated data...
Just as regular protocol and flow logging of #Suricata gives us:
633 FLOW logs
295 HTTP logs
182 TLS logs
130 DNS logs
114 SMB logs
90 DCERPC logs
66 FILEINFO logs
23 KRB5 logs
2 NTP logs
Let's see some examples of the generated data...
(3/of a few)
Quick and dirty cmd look at the DNS logs generated by #Suricata gives us the domain list for our #threathunting review
Couple of those jump out (at lest to me)
Quick and dirty cmd look at the DNS logs generated by #Suricata gives us the domain list for our #threathunting review
Couple of those jump out (at lest to me)
