Looking for SIEM advice.
I attend a cybersecurity club at my uni, and I'm researching for which SIEM to pick. Turns out we have Graylog planned for logging, and Wazuh I don't even know for what purpose. Then there's a third server that's purpose is SIEM.
My criteria is that the SIEM is free, works well in a Windows environment, and probably isn't one of the two mentioned. We have teams (Windows, Linux, Networking) and there are probably around 20-30 people total in the club.
So what I'm asking is what SIEM is the best for our purposes?
🗣SufficientPeanut7420
Student? Check out security onion. It's a Linux distro with a whole bunch of tools for capture, log aggregation and analysis. Basically, open source SIEM.
It has a learning curve, but you can just start with some small tools and expand out. If you get a handle on it, it sets you up great for using other tools, too.
👤homelaberator
Wazuh fits yours case and you already have it. You dont need graylog and Wazuh. Most siems are 1000s, if your budget is zero you certainly won’t be in the Splunk and Alienvault realms.
👤AngrySpaceBadger
SIEM is definitely one of those technologies that require a lot of upfront development/engineering just to get into a working state.
Realistically I’d see if your schools IT department will be able to sponsor a small instance with a commercial vendor for the best experience.
👤GeneralRechs
🎖@malwr
I attend a cybersecurity club at my uni, and I'm researching for which SIEM to pick. Turns out we have Graylog planned for logging, and Wazuh I don't even know for what purpose. Then there's a third server that's purpose is SIEM.
My criteria is that the SIEM is free, works well in a Windows environment, and probably isn't one of the two mentioned. We have teams (Windows, Linux, Networking) and there are probably around 20-30 people total in the club.
So what I'm asking is what SIEM is the best for our purposes?
🗣SufficientPeanut7420
Student? Check out security onion. It's a Linux distro with a whole bunch of tools for capture, log aggregation and analysis. Basically, open source SIEM.
It has a learning curve, but you can just start with some small tools and expand out. If you get a handle on it, it sets you up great for using other tools, too.
👤homelaberator
Wazuh fits yours case and you already have it. You dont need graylog and Wazuh. Most siems are 1000s, if your budget is zero you certainly won’t be in the Splunk and Alienvault realms.
👤AngrySpaceBadger
SIEM is definitely one of those technologies that require a lot of upfront development/engineering just to get into a working state.
Realistically I’d see if your schools IT department will be able to sponsor a small instance with a commercial vendor for the best experience.
👤GeneralRechs
🎖@malwr
Reddit
From the AskNetsec community on Reddit
Explore this post and more from the AskNetsec community
🌐 "WebPalm: Unleash Website Secrets for Cybersecurity!" 🌐
🔎 Discover WebPalm : Unleash Website Secrets! 🌐
Attention Cybersecurity Enthusiasts! 🛡️
Introducing WebPalm, the powerful command-line tool that unlocks the hidden treasures of websites! 🕵️♂️ Traverse websites, create a complete tree of webpages and links, and explore their interconnectedness like never before.
🔍 Extract Data with Ease: WebPalm can use regular expressions to extract data from webpage bodies, perfect for web scraping and gathering valuable information.
🚀 Fast and Reliable: Enjoy a seamless experience with lightning-fast performance and colorized output for easy error handling.
Join the exploration at:webpalm
Unleash the potential of WebPalm responsibly and dive into the fascinating world of website secrets! 🌟
🗣Adventurous_Dance527
🎖@malwr
🔎 Discover WebPalm : Unleash Website Secrets! 🌐
Attention Cybersecurity Enthusiasts! 🛡️
Introducing WebPalm, the powerful command-line tool that unlocks the hidden treasures of websites! 🕵️♂️ Traverse websites, create a complete tree of webpages and links, and explore their interconnectedness like never before.
🔍 Extract Data with Ease: WebPalm can use regular expressions to extract data from webpage bodies, perfect for web scraping and gathering valuable information.
🚀 Fast and Reliable: Enjoy a seamless experience with lightning-fast performance and colorized output for easy error handling.
Join the exploration at:webpalm
Unleash the potential of WebPalm responsibly and dive into the fascinating world of website secrets! 🌟
🗣Adventurous_Dance527
🎖@malwr
GitHub
GitHub - XORbit01/webpalm: 🕸️ Crawl in the web network
🕸️ Crawl in the web network. Contribute to XORbit01/webpalm development by creating an account on GitHub.
👍1
Healthcare Threat Landscape 2022-2023: Common TTPs Used by Top Ransomware Groups Targeting the Healthcare Sector
🗣digicat
🎖@malwr
🗣digicat
🎖@malwr
Trustwave
Healthcare Threat Landscape 2022-2023: Common TTPs Used by Top Ransomware Groups Targeting the Healthcare Sector
The healthcare sector has been under constant threat from cybercriminals due to the sensitive nature of patient data and the valuable information held by healthcare providers. This blog analyzes the ransomware landscape for the healthcare sector for the years…
Within incident response, who are the people who actually analyze/reverse the malware sample?
Unfamiliar with the process, but was looking to learn some new skills soon.
🗣HalfQuarter1250
Well anyone with skill, the role doesn't meters and it all depends ofc on complexity. I would say that such specific role is needed only if reversing is done on daily basis... but I would find that hard to believe unless the company is focused on RM. Most of companies, I would assume have analysts that have a strong and weak sides and they do multiple various tasks base on them...It's similar to programmers...some do frontend some to backend programming, some do both - in cyber is just a little more devided by skillet
👤4n6mole
Not to detract from the conversation, but I couldn’t help but notice that nobody has mentioned that in many cases identifying malicious files and code can be performed by several tools specifically designed to analyze payloads and detonate them in a sandboxed environments.
As others have mentioned out side of an AV company or perhaps a larger enterprise/agency, these tools can fill in as “good enough” solutions for budget conscious organizations.
Virus Total.
Any.Run
OPSWAT FileScan.
and a handful of other services with analysis and TI built right in.
👤Missing_Space_Cadet
Some people hire 3rd party malware analyst. Crowdstrike, red canary, mandiant are some examples of these service providers who will bill you either by the hour or per sample.
Some bigger companies have incident responders who specialize in malware analysis so that the same person responding to the incident is also capable of doing the analysis. Some companies also have an entire team that specializes in malware analysis. This team may also include software engineers who develop internal tools to help conduct and facilitate such analysis.
I've worked as a security engineer for companies that span across all of the above
👤_xpendable_
🎖@malwr
Unfamiliar with the process, but was looking to learn some new skills soon.
🗣HalfQuarter1250
Well anyone with skill, the role doesn't meters and it all depends ofc on complexity. I would say that such specific role is needed only if reversing is done on daily basis... but I would find that hard to believe unless the company is focused on RM. Most of companies, I would assume have analysts that have a strong and weak sides and they do multiple various tasks base on them...It's similar to programmers...some do frontend some to backend programming, some do both - in cyber is just a little more devided by skillet
👤4n6mole
Not to detract from the conversation, but I couldn’t help but notice that nobody has mentioned that in many cases identifying malicious files and code can be performed by several tools specifically designed to analyze payloads and detonate them in a sandboxed environments.
As others have mentioned out side of an AV company or perhaps a larger enterprise/agency, these tools can fill in as “good enough” solutions for budget conscious organizations.
Virus Total.
Any.Run
OPSWAT FileScan.
and a handful of other services with analysis and TI built right in.
👤Missing_Space_Cadet
Some people hire 3rd party malware analyst. Crowdstrike, red canary, mandiant are some examples of these service providers who will bill you either by the hour or per sample.
Some bigger companies have incident responders who specialize in malware analysis so that the same person responding to the incident is also capable of doing the analysis. Some companies also have an entire team that specializes in malware analysis. This team may also include software engineers who develop internal tools to help conduct and facilitate such analysis.
I've worked as a security engineer for companies that span across all of the above
👤_xpendable_
🎖@malwr
Reddit
From the cybersecurity community on Reddit
Explore this post and more from the cybersecurity community
DarkWidow - a Dropper/PostExploitation Tool (or can be used in both situations) targeting Windows
🗣DrinkMoreCodeMore
🎖@malwr
🗣DrinkMoreCodeMore
🎖@malwr
GitHub
GitHub - reveng007/DarkWidow: Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote…
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+Bloc...
AMD 'Zenbleed' Bug Leaks Data From Zen 2 Ryzen, EPYC CPUs: Most Patches Coming Q4
🗣PsyOmega
Netsec used to be ahead of the curve. This is like a 6 or 8 day old vuln now. Fall from grace.
👤Lumpzor
I wonder if the fixes drop performance like spectre? The article speculates but actual testing numbers will be interesting.
👤demunted
🎖@malwr
🗣PsyOmega
Netsec used to be ahead of the curve. This is like a 6 or 8 day old vuln now. Fall from grace.
👤Lumpzor
I wonder if the fixes drop performance like spectre? The article speculates but actual testing numbers will be interesting.
👤demunted
🎖@malwr
Tom's Hardware
AMD 'Zenbleed' Bug Leaks Data From Zen 2 Ryzen, EPYC CPUs: Most Patches Coming Q4 (Updated)
A huge Zen 2 leak requires a patch.
Beyond the Horizon: Traveling the World on Camaro Dragon’s USB Flash Drives - Check Point Research
🗣wolfcod
🎖@malwr
🗣wolfcod
🎖@malwr
Check Point Research
Beyond the Horizon: Traveling the World on Camaro Dragon’s USB Flash Drives - Check Point Research
Executive summary Introduction In early 2023, CPIRT investigated an incident at a European hospital. The investigation showed that the malicious activity observed was likely not targeted but was simply collateral damage from Camaro Dragon’s self-propagating…
Cyber Insurance and the Ransomware Challenge: A study examining the role of cyber insurance in addressing the threats posed by ransomware.
🗣digicat
🎖@malwr
🗣digicat
🎖@malwr
www.rusi.org
Cyber Insurance and the Ransomware Challenge
A study examining the role of cyber insurance in addressing the threats posed by ransomware.
Russian organised crime and Ransomware as a Service: state cultivated cybercrime - masters thesis from October 22 - posted July 23
🗣digicat
Hey I just wanted to let you know your newsletters are being blocked by trellix as malicious and unreleaseable for the past few weeks.
👤R1skM4tr1x
🎖@malwr
🗣digicat
Hey I just wanted to let you know your newsletters are being blocked by trellix as malicious and unreleaseable for the past few weeks.
👤R1skM4tr1x
🎖@malwr
figshare
Russian organised crime and Ransomware as a Service: state cultivated cybercrime
Ransomware as a Service (RaaS) has become one of the most significant threats within the cybersecurity landscape, with a ransomware attack occurring every eleven seconds. Despite the growing awareness around RaaS within the cybersecurity community, there…