Today's quick #malware analysis with #SecurityOnion: FAKEBAT, REDLINE STEALER, and GOZI/ISFB/URSNIF pcap from 2023-02-03!

Thanks to @malware_traffic for sharing this pcap!

More screenshots:
blog.securityonion.net/2023/02/quick-…

#infosec
#infosecurity
#ThreatHunting
#IncidentResponse @malware_traffic Let's review some of the data that #SecurityOnion generates from this traffic!

When you import the pcap using so-import-pcap, it will generate a hyperlink that will take you to the Overview dashboard:

#SecurityOnion 2.3.180 now available!

Featuring:
✅#Elastic 8.4.3
✅#Suricata 6.0.8
✅#Zeek 5.0.2
✅New and improved #sysmon dashboards!

Thanks to @markrussinovich and team for #sysmon!

Need a #sysmon config? Check out @SwiftOnSecurity's!

Blog post:
blog.securityonion.net/2022/10/securi… @markrussinovich @SwiftOnSecurity Our updated #Sysmon Overview dashboard gives you a nice overview of all of the different types of #Sysmon data you are collecting:

#SecurityOnion 2.3.70 now available!

blog.securityonion.net/2021/08/securi…

#PeelBackTheLayers
#MakeYourAdversariesCry
#ThreatHunting
#NetworkSecurityMonitoring
#EnterpriseSecurityMonitoring
#LogManagement
#infosec
#DFIR If you want the quickest and easiest way to try out #SecurityOnion, just follow the screenshots below to install an Import node and then optionally enable the Analyst Workstation. This can be done in a minimal VM with only 4GB RAM!