Log4j Critical RCE

The Log4j vulnerability, commonly known as Log4Shell, was publicly disclosed as a zero-day on December 9th, 2021. It is tracked as CVE-2021-44228 and carries a CVSS v3 base score of 10.0 (Critical).

Using Windows Event Forwarding for Centralized Windows Monitoring – Part 3

Reading the Security event log requires higher privileges than the other Windows event logs, so a forwarding source cannot ship Security events until that access is granted. Below are the steps to configure the right permissions for reading the Security log.

Using Windows Event Forwarding for Centralized Windows Monitoring – Part 2

From a security perspective it is generally better to allow connections outbound from user segments than inbound into them. This article therefore covers source-initiated Windows Event Forwarding, in which each source host connects to the collector rather than the collector reaching into the user segment.

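The two Windows Event Forwarding steps teased above (Part 2: pointing a source host at the collector; Part 3: letting it read the Security log) can be scripted on the source host. The following is an added example, not code from the HAWKEYE articles; it assumes a collector reachable as wec01.corp.example over WinRM HTTP on port 5985 and must be run in an elevated PowerShell session on the source host.

```powershell
# Added example (not from the original posts): prepare a Windows source host for
# source-initiated Event Forwarding and grant read access to the Security log.
# Assumption: the collector is wec01.corp.example, listening on WinRM HTTP (5985).
$Collector = 'wec01.corp.example'

# 1. WinRM must be listening: the collector delivers the subscription over WS-Man,
#    but the TCP connection itself is opened by this host (source-initiated).
winrm quickconfig -q

# 2. Tell the host where its subscription manager is. This is the same REG_SZ value
#    the "Configure target Subscription Manager" group policy writes; value names
#    are "1", "2", ... so several collectors can be listed. Refresh is in seconds.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'
New-Item -Path $PolicyKey -Force | Out-Null
Set-ItemProperty -Path $PolicyKey -Name '1' `
    -Value "Server=http://${Collector}:5985/wsman/SubscriptionManager/WEC,Refresh=60"

# 3. The forwarder runs as NETWORK SERVICE, which by default has no right to read
#    the Security log. Read the channel's current SDDL and append an allow ACE for
#    NETWORK SERVICE (SID alias NS, access mask 0x1 = read) instead of replacing it,
#    so the existing SYSTEM / Administrators / Event Log Readers entries survive.
$sddl = (wevtutil gl Security | Where-Object { $_ -match '^\s*channelAccess:' }) `
            -replace '^\s*channelAccess:\s*', ''
$sddl = $sddl.Trim()
if ($sddl -notmatch '\(A;;0x1;;;NS\)') {
    wevtutil sl Security "/ca:${sddl}(A;;0x1;;;NS)"
}

# 4. Restart WinRM so the forwarder re-reads the subscription manager setting.
Restart-Service WinRM

# 5. Show the resulting channel ACL for the change record.
wevtutil gl Security | Where-Object { $_ -match '^\s*channelAccess:' }
```

Step 3 is equivalent to adding NETWORK SERVICE to the local Event Log Readers group (S-1-5-32-573 in the default SDDL), which some administrators prefer because it is visible in group membership rather than in a channel ACL. On the collector, after creating the subscription with `wecutil cs <subscription.xml>`, `wecutil es` lists subscriptions and `wecutil gr <SubscriptionName>` shows which sources have checked in, which is the quickest way to confirm the source above registered.
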
Using Windows Event Forwarding for Centralized Windows Monitoring – Part 1

Staying on top of cyber threats in your environment can be challenging even with many protective measures in place. The threat landscape is constantly evolving, and it is often the case that your protective measures are playing catch-up.

Deep-dive into Azure Sentinel – Part 2 – Data Collection and Processing

From our experience deploying various SIEM platforms, we would rank Azure Sentinel number one when it comes to the variety of data collection options it provides. Virtually any log source and type of data can be ingested into Azure Sentinel with the different options it offers.

Deep-dive into Azure Sentinel – Part 1 – Introduction to Sentinel as a SIEM

You might have heard of North Sentinel Island in the Bay of Bengal, home to the most isolated tribe in the world. Despite several attempts to land on or contact the island, it has always been defended violently by its inhabitants, and it remains untouched. It is considered one of the most secure places on the planet, guarded both by the local tribe and by the government. When it came to naming the most powerful weapon in the Azure cloud security arsenal, Microsoft chose the right name for it: Azure Sentinel.

SOAR Features and Use Cases

Organizations keep growing, and with them the volume of events, alerts and data they generate. At peak, that volume exceeds what analysts can handle manually.

Dark Web and Threat Intelligence (DARKINT)

Security researchers and cybersecurity professionals have an immense interest in gathering threat intelligence from the deep web and darknet. This intelligence allows organizations to detect, block and prevent threats of all kinds. But first we need to know: what exactly are the deep web and the dark web?

Ransomware Incident Response Plan – Part 2

Ransomware was and still is one of the most dangerous attacks, with catastrophic consequences for affected endpoint systems if it is not responded to properly. This article is written specifically to prepare incident response teams for this particular attack, but it is also sound guidance for anyone who wants a clear, step-by-step approach to preparing for, identifying, containing, remediating and recovering from a ransomware attack.

CONTACT US

We welcome you to contact us for more information about HAWKEYE - SOC As A Service.