One of the main advantages of cloud computing is the ability to provision a complete infrastructure using lines of code.

Infrastructure as a code, or IaC, allows more agility, consistency and security.

There are some tools that are commonly used for provisioning and managing infrastructure via code. …

Authentication to a directory service allows a single point of authentication for users. Basically, the directory service allows the user to login to different systems from the central repository. It also allows users, groups, members of a group, relationships of trust, etc. …

Monitore the health of your environment is an important pillar of security. This is achieved through a pro-active IT monitoring to ensure systems, applications, services and business process are functioning properly.

One tool that helps us achieve this goal is Nagios.

Nagios is an open-source monitoring tool that was designed…

Basically, a honeypot is a computer system, with applications and data, where its objective is to trick cybercriminals into thinking that it is a legitimate target directing attacks on this system.

There are different types of honeypots that capture attacks on emails, databases, web servers and more.

With a honeypot…

Vulnerability management is the “cyclical practice of identifying, classifying, prioritizing, remediating, and mitigating” software vulnerabilities.

In this post, we will configure two platforms that will help us to identity vulnerabilities and aggregate the findings: VulnWhisperer and Nessus.

VulnWhisperer is a vulnerability management tool and report aggregator. VulnWhisperer will pull all…

Now it’s time to watch everything working together.

In this article I’ll show you how can we send the Snort logs to the TheHive and look TheHive automatically analyze the malicious IP with our Cortex intelligence.

This tutorial is part of the article “SECaaS — Security as a Service”. I…

One of the major problems in an SOC operations is the alert fatigue. To solve part of this problem, the automation tools, called SOAR, become popular and essential.

TheHive and Cortex are two platforms that we can automate the process of analysis.

MISP is an open source threat sharing platform…

Snort is popular Network Intrusion Detection systems or NIDS. It monitors the package data sent and received through a specific network interface. Snort can catch threats targeting your system vulnerabilities using signature-based detection and protocol analysis technologies.

This tutorial is part of the article “SECaaS — Security as a Service”…

The function of alerting in Elasticsearch Stack is paid. But the opensource tool called ElastAlert gives us the ability to integrate with our Elasticsearch Stack and send alerts.

This tutorial is part of the article “SECaaS — Security as a Service”. …

Wazuh is a Host Intrusion Detection platform. Wazuh is free, simple to manage and is compatible with Elasticsearch Stack.

This tutorial is part of the article “SECaaS — Security as a Service”. I recommend you to read this article before to understand the basics and the purpose of this lab.

William Meucci Valente

Information security for study purpose only and more!

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store