Our great sponsors
-
Wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
Then you can go about making dashboards for high level information around the logs you are collecting. They used to have awesome ones in their marketplace but have since removed them for some reason. Here is a reference to one of them https://github.com/aydnyldrm/Graylog_3.0_Content_Pack_Active_Directory_Auditing
Try Wazuh. It'll filter and parse logs for you, make pretty C-level graphs, and give you pointers on where to begin threat hunting.
Depending on whether this is up your alley either look for a MSSP/MDR/Managed BlaBla provider or head on to - https://github.com/splunk/security_content - https://www.elastic.co/guide/en/security/current/prebuilt-rules.html - https://github.com/mdecrevoisier/SIGMA-detection-rules - https://github.com/Azure/Azure-Sentinel to get an idea of what to look for. MITRE ATT&CK and the related DETT&CT should serve as an additional eye opener. Ah yes - forgot the bible on log management from Anton Chuvakin in the above list.
Depending on whether this is up your alley either look for a MSSP/MDR/Managed BlaBla provider or head on to - https://github.com/splunk/security_content - https://www.elastic.co/guide/en/security/current/prebuilt-rules.html - https://github.com/mdecrevoisier/SIGMA-detection-rules - https://github.com/Azure/Azure-Sentinel to get an idea of what to look for. MITRE ATT&CK and the related DETT&CT should serve as an additional eye opener. Ah yes - forgot the bible on log management from Anton Chuvakin in the above list.
Depending on whether this is up your alley either look for a MSSP/MDR/Managed BlaBla provider or head on to - https://github.com/splunk/security_content - https://www.elastic.co/guide/en/security/current/prebuilt-rules.html - https://github.com/mdecrevoisier/SIGMA-detection-rules - https://github.com/Azure/Azure-Sentinel to get an idea of what to look for. MITRE ATT&CK and the related DETT&CT should serve as an additional eye opener. Ah yes - forgot the bible on log management from Anton Chuvakin in the above list.