Arkime Network Analysis & Packet Capture tool (basic functionality overview)

The blog outlines the configuration and initial usage of Arkime on an Ubuntu VM, emphasizing the connection to an Elasticsearch database. It details the Arkime UI features, including session traffic viewing, histogram adjustments, geolocation mapping, and Session Profile Information analysis. Future posts will explore search functions and advanced traffic analysis.

N8N automation tool (installation and configuration using docker in Linux)

n8n is a powerful open-source workflow automation tool designed to help engineers streamline processes. This blog details the installation of n8n using Docker on an Ubuntu 24.04.2 LTS virtual machine. Step-by-step commands for setting up Docker and creating a demo account are provided, leading to the n8n dashboard for workflow creation.

Powershell commands for Security and System Administration (Part 2)

This blog post presents useful PowerShell commands aimed at security engineers and system administrators, focusing on audit and log analysis, malware and threat hunting, and system hardening. Key commands include monitoring login events, checking for suspicious scheduled tasks, verifying Windows Defender status, and disabling SMBv1 to enhance system security.

Powershell commands for Security and System Administration (Part 1)

The blog outlines essential PowerShell commands for system administration, focusing on fault investigation, security assessments, and incident response. It covers commands for system and process monitoring, network and firewall analysis, and user and permission management. The author intends to develop their skills and provide a valuable resource for similar tasks.

Vectr Blue/Red Team assessment tool (installation and configuration in Linux)

VECTR is a platform for tracking and optimizing red and blue team testing. It allows organizations to simulate attack scenarios and improve detection capabilities. This blog covers installation on Ubuntu 24.04 LTS using Docker, detailing prerequisites, setup steps, and initial navigation of the application with default credentials. Future topics will include advanced configurations.

Running an Elasticsearch cluster using Docker Compose (Linux).

In this blog I will be installing Elasticsearch on Linux using Docker Compose. Unlike the previous Docker blog, Docker Compose will streamline the setup process by defining and managing multi-container Docker applications, ensuring your Elasticsearch instance is up and running quickly and efficiently. I am using an Ubuntu 24.04 LTS Virtual Machine within VMware for

OpenCTI Threat Intelligence Platform (adding connectors and feeds)

This blog outlines the integration of two external-import connectors, MITRE ATT&CK and AbuseIPDB, into the OpenCTI platform to enhance Threat Intelligence data ingestion. It provides step-by-step instructions to configure these connectors using docker-compose.yml, including necessary adjustments for URLs and API keys to facilitate data import.

OpenCTI Threat Intelligence Platform (deployed using Ubuntu and Docker-Compose)

Deploying OpenCTI, a powerful threat intelligence platform, using Docker Compose on an Ubuntu virtual machine is a quick and efficient way to set up a scalable cybersecurity solution. OpenCTI provides analysts with tools to visualise, analyse, and share threat data seamlessly. By leveraging Docker Compose, you can simplify the deployment process, ensuring all necessary services

Arkime Network Analysis & Packet Capture tool (deploying a local demonstration instance)

Arkime is an open-source tool for network traffic capture and analysis, streamlining packet capture with detailed searches and integration with security tools. This blog walks through installing Arkime on Ubuntu using Elasticsearch as the backend. It covers the setup and configuration steps, culminating in accessing the Arkime viewer for network insights.

An introduction to Elasticsearch Query Language (ES|QL) – Part 2

This blog post discusses advanced ES|QL features that enhance querying efficiency, including histogram data aggregation, the WHERE command for precise filtering, field type conversions for accurate data handling, and managing multivalued fields. Examples illustrate these concepts, emphasizing their application for effective data insights in Elasticsearch.