
Author: dave

Elasticsearch geoip file issue

Good morning everyone. It’s been a long while since a new, more technical post. Here’s a problem I encountered upon upgrading my Elasticsearch main server from 7.x to 8.12. I used the .deb from Elastic and everything seemed to go well for Elasticsearch and Kibana. When checking ingested packet logs from Zeek I noticed the…

How to Start an Asset Inventory

At the top of most lists for better securing your network is having an up-to-date inventory of the physical and virtual assets connected to it. Most security control frameworks have this among their most fundamental controls to implement. For corporations with mature procurement processes this is easier, but what about a home user…

Adding TLS to your Elastic Web Interface

Once in a while I reset my Elasticsearch config to stay up to date on new developments and see how I can improve my setup. I thought to add a secure certificate to the front end of my Elastic instance. There are a lot of documents out there, but not something that brings it all together. This…

My Security Journey

Hi, I’m David and I love working with technology. Back in the olden days I was fascinated by a project in elementary school where we would write letters to pen pals at a different city’s school. What was special about this project was that the letters were written on a computer and then all…

Intelstack Threat Feed is Shutdown. Here’s a new intel threat feed aggregator for Zeek

Hello everyone, I hope everyone reading this is healthy and safe. Some sad news today: intelstack.com is no more. For those of you who followed my Zeek IDS Installation on Raspberry PI Part 2 blog, intelstack was the heart of the threat intel feed to Zeek. Thankfully, other intrepid users have done some great work…

Tag Country, State and City Information to Zeek Elasticsearch Entries

Hello friends, I hope everyone has been able to stay safe and healthy. I have been adding features to my Zeek and Elasticsearch environments; in this installment I will show how to add custom country, state and city information to your Elasticsearch entries based upon source and destination IP networks. It’s a game changer in…

Level Up Your Work From Home Network Game Part 2

(Updated Sept 06 2021 – fixed images) Welcome back. In part 1, I described some tactics to better harden your PCs and the ISP device that doesn’t come secure by default. In this part I’ll go into greater detail on some additional architecture and technology that can be used to better secure your home network.…

Level Up Your Work From Home Network Game Part 1

Everyone seems to have a post like this, so I thought I’d pile on and share my thoughts and process for my home network. It’s been built over the last few years and I feel I have a good handle on what’s coming in and out. I hope this series of posts can help the casual…

Zeek IDS Installation on Raspberry PI Part 3

Updated 03-14-2021 – added new beats, golang version, extra warnings
Updated 10-02-2021 – redid screenshots reflecting Elastic 7.15, moved to the Zeek filebeat module & pre-canned reports

Hi folks! It has been a while, thank you for your patience. I have been doing some work in respect to the visualization of Zeek logs. This is a long…