One of the main advantages of cloud computing is the ability to provision a complete infrastructure using lines of code.

Infrastructure as Code, or IaC, allows more agility, consistency and security.

There are some tools that are commonly used for provisioning and managing infrastructure via code. One of them is Ansible.

Ansible works by configuring client machines from a computer with the Ansible components installed and configured. It communicates over normal SSH channels in order to retrieve information from remote machines, issue commands, and copy files. …


Authentication against a directory service provides a single point of authentication for users: the directory lets a user log in to different systems from a central repository. It also allows users, groups, group memberships, trust relationships, etc. to be created, which facilitates both the auditing of systems and their security.

The best-known and most widely used directory service, found in almost all companies, is Microsoft Active Directory.

With the popularization of the Linux operating system, a directory service became available on that operating system too.

And that is what we…


Monitoring the health of your environment is an important pillar of security. This is achieved through proactive IT monitoring to ensure that systems, applications, services and business processes are functioning properly.

One tool that helps us achieve this goal is Nagios.

Nagios is an open-source monitoring tool designed to monitor network applications, their resources, and various Linux-based devices. With Nagios, we can keep watch over critical activities and software malfunctions: it sends automated alerts to the admins so that further damage can be prevented.

Nagios architecture (source: https://www.guru99.com/nagios-tutorial.html)

Follow the steps below to have your…


Basically, a honeypot is a computer system, complete with applications and data, whose objective is to trick cybercriminals into thinking that it is a legitimate target, so that they direct their attacks at this system.

There are different types of honeypots that capture attacks on emails, databases, web servers and more.

With a honeypot, we can see what an attacker’s modus operandi is and identify patterns. That way, you can look at your security infrastructure and apply appropriate controls against these threats.

A honeypot can be part of a large network of honeypots called Modern Honey Network (MHN). …


Vulnerability management is the “cyclical practice of identifying, classifying, prioritizing, remediating, and mitigating” software vulnerabilities.

In this post, we will configure two platforms that will help us identify vulnerabilities and aggregate the findings: VulnWhisperer and Nessus.

VulnWhisperer is a vulnerability management tool and report aggregator. It pulls all the reports from the different vulnerability scanners and creates a file with a unique filename for each one.

Nessus Essentials is a free version of the well-known Nessus vulnerability scanner.

This tutorial is part of the article “SECaaS — Security as a Service”. …


Now it’s time to watch everything working together.

In this article I’ll show you how we can send the Snort logs to TheHive and watch TheHive automatically analyze the malicious IP with our Cortex intelligence.

This tutorial is part of the article “SECaaS — Security as a Service”. I recommend reading that article first to understand the basics and the purpose of this lab.

Creating an Alert with ElastAlert

First we will configure ElastAlert to send alerts to TheHive.

To do this, we will use an API called hivealerter.

Go to your ElastAlert server and create a new rule.

$ vim…

One of the major problems in SOC operations is alert fatigue. To solve part of this problem, automation tools, called SOAR, have become popular and essential.

TheHive and Cortex are two platforms with which we can automate the analysis process.

MISP is an open-source threat sharing platform where we can share large numbers of IOCs to correlate with other data sources.

These three platforms together will empower our SIEM with IOCs, automatic analysis, and actions to block or investigate possible malicious communication or attacks.

This tutorial is part of the article “SECaaS — Security as a…


Snort is a popular Network Intrusion Detection System, or NIDS. It monitors the packet data sent and received through a specific network interface. Snort can catch threats targeting your system’s vulnerabilities using signature-based detection and protocol analysis.

This tutorial is part of the article “SECaaS — Security as a Service”. I recommend reading that article first to understand the basics and the purpose of this lab.

Here we will install and configure Snort and also send the logs to our Elasticsearch Stack.

Hardware requirements
For this demo I used the following machine configuration.

Ubuntu 18.04 LTS — Bionic
2vCPU
4GB…


Alerting in the Elasticsearch Stack is a paid feature, but the open-source tool ElastAlert gives us the ability to integrate with our Elasticsearch Stack and send alerts.

This tutorial is part of the article “SECaaS — Security as a Service”. I recommend reading that article first to understand the basics and the purpose of this lab.

ElastAlert Installation

This tutorial is performed on the Elasticsearch Stack machine.

In this step we are going to install ElastAlert and configure Slack to receive the alerts.

ElastAlert needs Python 3.6 to work; check that your Python version is 3.6 or greater.

python -V


Wazuh is a Host Intrusion Detection platform. It is free, simple to manage and compatible with the Elasticsearch Stack.

This tutorial is part of the article “SECaaS — Security as a Service”. I recommend reading that article first to understand the basics and the purpose of this lab.

The instructions here use version 3.13. The version is very important here: the Wazuh and Elasticsearch versions must match because of the templates, Logstash configurations, and Kibana app.

You can check the compatible versions here.

In Part I of this article we will install the…

William Meucci Valente

Information security for study purposes only, and more!
