11 min
IT Ops
Monitoring SNS Activity Using a Lambda Function and Logentries
Amazon Web Services Lambda functions are very cool. A Lambda function is a
feature in Amazon Web Services that allows you to put a discrete piece of
computing logic up in The Cloud and then access that logic to meet a particular
need. For example, you can create a Lambda function that takes a list of stock
symbols and does some analysis on the list using other cloud based services in
order to suggest the best stock to buy.
Logentries has put the power of Lambda functions
[https://docs.rapid7.co
3 min
IT Ops
Checking Active Directory (AD) Security and Integrity via Log Monitoring
Because AD literally holds the keys to the kingdom for domain-based networks and
runtime environments, it’s usually a good idea to keep a close eye on those
keys, how they’re being used and what kinds of attacks might be directed at
them. Monitoring AD related event logs provides one great tool in exercising due
security and integrity diligence. Alerting on specific high-impact events
provides yet another.
For over two decades now, Microsoft’s Active Directory (AD) has provided a
powerful set
1 min
Automation and Orchestration
What are Networking Intrusion Prevention/Detection Systems?
NID(P)S, or Networking Intrusion (Prevention)/Detection Systems
[https://www.rapid7.com/fundamentals/intrusion-detection-and-prevention-systems-idps/]
are used by a security team for general network security
[https://www.rapid7.com/fundamentals/what-is-network-security/] monitoring. They
work by passively monitoring (or actively gating, in the NIPS case) network
traffic and applying rules or signatures to trigger alerts.
Advantages
* Easy to deploy: Unlike endpoint devices, they can be placed
11 min
Automation and Orchestration
GDB for Fun (and Profit!)
Who Should Read This?
Have you ever wondered why your code doesn’t work? Do you ever find yourself
puzzled by the way someone else’s program works? Are you tired of spending night
after tearful night poring over the same lines of code again and again,
struggling to maintain your sanity as it slips away? If this sounds like you or
someone you know, please seek help: use a debugger.
What Is a Debugger?
For those of you that have never used a debugger:
1. I’m so sorry
2. Please read on
A debug
3 min
IT Ops
Exploiting Zookeeper for managing processes in a production environment with Lockex
Lock and execute!
As an engineer here at Logentries
[https://logentries.com/centralize-log-data-automatically/?le_trial=exploiting_zookeeper-logentries_blog-post_cta-create_trial&utm_campaign=exploiting_zookeeper&utm_source=logentries_blog&utm_medium=post_cta&utm_content=create_trial]
I need to maintain a complex system that has requirements for being available to
our customers. We always build systems with the ability to be resistant to
failure.
In our environment, we have processes and dae
4 min
Komand
How to Create a Culture of Security Ownership Across Your Organization
Company culture is a phrase that means different things to many people. From the
company mission statement to the performance of a team, culture is often an
amalgamation of leadership values and individual employee contributions.
Security, and its many variants (cybersecurity, infosec, et. al), isn’t always a
word associated with “culture”. But in today’s digital landscape, it absolutely
should be.
Building a successful company culture often comes down to three elements:
people, processes, and
3 min
Komand
SOC Series: How to Structure and Build a Security Operations Center
Building an effective security operations center (SOC)
[https://www.rapid7.com/fundamentals/security-operations-center/] requires
organizing internal resources in a way that improves communication and increases
efficiencies. Adding to a former post,When to Set Up a Security Operations
Center
[https://www.rapid7.com/blog/post/2016/06/01/to-soc-or-not-to-soc-when-to-set-up-a-security-operations-center/]
, we're now offering a framework for organizing the three key functions of a
SOC: people, proce
3 min
Metasploit Weekly Wrapup
Weekly Metasploit Wrapup 16
We have a new module from rastating which exploits an unauthenticated file upload vulnerability in the popular WordPress plugin, Ninja Forms.
14 min
Automation and Orchestration
Working with Bro Logs: Queries By Example
Synopsis:
Bro [http://bro.org/], a powerful network security monitor, which by default
churns out ASCII logs in a easily parseable whitespace separated (column) format
from network traffic, live or PCAP. Because this logs are in the aforementioned
format it makes them very hackable with the standard unix toolset. If you’re an
experienced unix user with ample networking knowledge you probably have all the
know-how to immediately pull useful data from Bro logs. If you’re not familiar
with the stan
3 min
Komand
SOC Series: When to Setup a Security Operations Center
To build a successful security function, you need to coordinate across people,
processes, and technology. And the stakes have never been higher than they are
today when it comes to information security, which is why many businesses are
looking for ways to centralize security operations by way of a security
operations center (SOC)
[https://www.rapid7.com/fundamentals/security-operations-center/]
(SOC Series: When to Setup a Security Operation).
When it comes to achieving cohesion, SOCs are a ma
15 min
Automation and Orchestration
Nagios Series: Deployment Automation Tips and Tricks
Synopsis:
In this article I will be sharing some ideas that I’ve used from my experiences
that will help streamline and take a lot of the work out of managing a Nagios
deployment. I will go into multiple ways to manage your deployment. As you read
on I will introduce a more complete solution. We will begin with git and cron,
extend that to use subtrees, and then move along to an enterprise deployment
with Puppet and ERB along with the aforementioned tools.
Git:
My philosophy is that just about
1 min
IT Ops
Integrating Logentries With .NET The How and Why
A robust logging strategy opens up a world of potential improvements for your
.Net applications through application logging. Application logging provides
valuable insight. Insight that can only benefit your network application stack
since your .Net application is the front line for enhancing your customer’s
experience.
Bringing meaning to all the potential information that your .Net application can
collect is what Logentries does best. Logentries makes getting this valuable
information into y
6 min
Komand
Building SVG Maps with React
Here at Komand, we needed a way to easily navigate around our workflows. They
have the potential to get complex quickly, as security workflows involve many
intricate steps.
To accomplish this task, we took an SVG approach to render our workflow
dynamically (without dealing with div positioning issues). This gave us the
power of traditional graphics to do a variety of manipulations on sub
components.
In this walkthrough, we will useInteractive SVG Components
[http://www.petercollingridge.co.u
4 min
IT Ops
Intrinsically fast: more JVM performance tinkering
I didn’t expect my last post
[/2016/03/14/a-point-of-contention-cache-coherence-on-the-jvm/] on JVM perf to
be so well received, so I thought I’d carry on digging into why your code does
(or doesn’t) run fast! Let’s forget about concurrency for now and instead focus
on the executable machine code that the Java Virtual Machine (and particularly
HotSpot) generates.
In Java-land it’s pretty common to hear people mention stuff about ‘warmup
times’, especially in the context of an incendiary micro
7 min
IT Ops
Implementing Self-Describing Log Data Using NodeJS
In my previous article, How to Ensure Self-Describing Log Data using Log4Net
[/2016/04/how-to-ensure-self-describing-log-data-using-log4net/], I showed you
a technique that made structuring your logging information as key-value and
JSON under Log4Net an easier undertaking. In this article I am going to apply
the same concepts to NodeJS. I’ll show you how to make it so that so you can
ensure logging uniformity among all the NodeJS developers in your enterprise
with little to no additional effo