The longer I spend staring at Splunk, the more I wish something, anything, would happen. Sure, there is data, logs, numerous events which make my eyes bleed. But it’s not actionable; my eyes, brain, and emotions have preconditioned me to skip, avoid and eventually discard information without setting off any alarms. The tedium of my daily routine creates gaps in an otherwise “secure” environment. If only there were a way to know which events to review.

Enter Security Orchestration Automated Response (S.O.A.R.) platforms, the hotter cousin of Security Information and Event Management (SIEM) software. The 2019 and beyond buzzword for…

👋 Hello again, today we will be continuing our adventure with the excellent S.O.A.R solution, The Hive. Today's post is all about initial installation and configuration to provide a playground for future posts on the subject. At the end of this article, we will have a series of Docker containers deployed and communicating, which will set the groundwork for:

  • Incident Response (IR) workflows, playbooks, and reporting
  • Automated analysis via The Hive Analyzers
  • Automated response via The Hive Responders
  • Custom integrations and extendability via Hive4py

This series is intended to highlight the functionality frequently utilized professionally and provide insight into Incident Response…

All hail the king

Nginx is the existing gold standard of reverse proxies. Released in 2004, it has dominated the proxy server market for the better part of 20 years. Nginx is also extremely frustrating for your average tinkerer, like me. It’s an old-school, no-frills, jack-of-all-trades application which, when utilized correctly, meets and exceeds most business cases.

Unless, of course, you need certificates, hate writing routes, or require load-balancing. While Nginx supports all this great technology, it is largely reliant on other stacks to complement it. Having spent more time than I will admit searching, yelling, and reviewing Stack Overflow answers…

Greetings, first-time writer, long-time reader. With this quasi-blog meets serious attempt at improving my writing skills, I want to introduce those who bless me with their valuable time to some key areas in Digital Forensics & Incident Response.

So Hello!

Through this series, I will attempt to address the following functional areas within Security Operations:

  • Security Orchestration and Automated Response
  • Security Incident Response Platforms
  • Digital Forensics and Incident Response

I will attempt to keep topics to Free and Open Source toolsets (e.g., PLASO, The Hive, MISP, etc.) while breaking out installation, use, and automation of the toolset. I hope that together we can filter the noise and improve your process flows.

If I’ve piqued your interest, stay tuned; more to follow.

Ryan Kelleher

Information Systems Security Officer @ SAAS Company
