Wazuh! It works! Not only does it work, but it’s awesome. We’re also covering detection as part of a security program. You can’t have good security without detection. We’re also throwing in a bit of VMware management. Can’t manage labs in VMware without some management know how.

LINKS

1. Wazuh · The Open Source Security Platform

2. Lab Instructions - Emulation of ATT&CK techniques and detection with Wazuh

3. Sysmon config from SwiftOnSecurity

4. Wazuh Server Rules

5. Video: Installing The EDR Solution Wazuh

FIND US ON

1. Twitter - DamienHull

2. YouTube

Time for more Wazuh and Sysmon. This time we’re adding Atomic Red Team for testing. This is starting to look really good. Unfortunately we’re missing something.

LINKS

1. Wazuh · The Open Source Security Platform

2. Lab Instructions - Emulation of ATT&CK techniques and detection with Wazuh

3. Sysmon config from SwiftOnSecurity

4. Wazuh Server Rules

5. Video: 163. Use Sysinternals Sysmon with Wazuh: The Swiss Army Knife for Windows Monitoring

FIND US ON

1. Twitter - DamienHull

2. YouTube

We’ve packed a lot into one episode. We’re reviewing Dorothy’s lab, Wazuh & Sysmon and Microsoft 365. We do have some good news. Got Sysmon installed. We also have access to good Microsoft 365 instructions and a book. We’re moving in the right direction.

LINKS

1. Sysmon Installation

2. Microsoft 365 Business Premium Partner Playbook and Readiness Series

3. Office 365 for IT Pros

4. ITProMentor: The Microsoft 365 Consultant’s Bundle

FIND US ON

1. Twitter - DamienHull

2. YouTube

There are many ways to answer this question. First, you need some skills. For this ongoing project we’ve decided to focus on Windows. Server 2019, Windows 10 and 11, and a bit of networking for good measure. One has to start somewhere.

FIND US ON

1. Twitter - DamienHull

2. YouTube

We’re in the process of testing Microsoft Defender for Business. This includes vulnerability management, endpoint detection and response and a lot more. This could be the security solution we’ve been looking for.

LINKS

1. Overview of Microsoft Defender for Business

2. Video: Onboarding Windows 10 devices to Defender for Business

FIND US ON

1. Twitter - DamienHull

2. YouTube

Of course security solutions aren’t 100% perfect. So, why are people building security programs around perfect solutions?

LINKS

1. YouTube Video: "Prevention First": An Approach to Cybersecurity w/ Minerva Labs!

FIND US ON

1. Twitter - DamienHull

2. YouTube

Time to go deeper down the Sysmon rabbit hole. Looks like Wazuh does a lot more than we thought.

LINKS

1. Sysmon

2. Wazuh

FIND US ON

1. Twitter - DamienHull

2. YouTube

Time to start thinking about our Sysmon deployment. There are a lot of moving parts to this project. It won’t be a simple install on Windows 10. That’s just a small part of the project.

LINKS

1. Security Onion

2. Getting started with Elastic Stack

3. Sysmon

4. Wazuh

FIND US ON

1. Twitter - DamienHull

2. YouTube

We’re conducting a mini security audit. We’ve got our short list of things we’re doing for security. Are they working for us? Are there things we need to change? How are we doing?

LINKS

1. Security Onion

2. Getting started with Elastic Stack

3. Sysmon

4. AppLocker

FIND US ON

1. Twitter - DamienHull

2. YouTube

It works! We have application allow listing with AppLocker. Pushed out the settings from Intune. This is awesome!

NOTE: No links to instructions for Intune and AppLocker. I need to find good documentation or write my own.

LINKS

1. Security Onion

2. Getting started with Elastic Stack

3. Sysmon

4. AppLocker

FIND US ON

1. Twitter - DamienHull

2. YouTube