ssi0202
Fresh install on Ubuntu: the Logstash log is full of this, and no data is getting ingested. I have just set up a Winlogbeat to ship data from a client...
Initial compromise via browser (drive-by), spearphishing (office suite launches cmd, PowerShell, etc.). Tested with embedded code in office documents to launch browser and cmd/PowerShell. You will need to do...
Hi, the default alert rules in Sentinel for Threat Intelligence use the security event 4688 as a source. Would it be possible to rewrite this rule so I can use...
Don't you guys talk to each other at MS security dev/teams/products, or am I missing something here? ;-) Awesome work!!! Really appreciated!
Not knowing a lot about AWS, but is there anything in here that would make it impossible just to run this in Docker?