5 min
Incident Response
What Makes SIEMs So Challenging?
I've been at the technical helm for dozens of demonstrations and evaluations of
our incident detection and investigation solution, InsightIDR, and I've been running into the
same conversation time and time again: SIEMs aren't working for incident
detection and response. At least, they aren't working without investing a lot
of time, effort, and resources to configure, tune, and maintain a SIEM
deployment. Most organizations don't have the recommende
6 min
IT Ops
Integrating the Logentries Javascript Library With React
React.js has proven itself a powerful contender in the world of Javascript
frameworks. Arguably, it has become one of a handful of libraries that all web
developers should consider for current or upcoming projects. Understanding how
it integrates with other libraries in your technology stack is an important part
of that consideration. If you currently use, or are considering using Logentries
6 min
Automation and Orchestration
Introduction to osquery for Threat Detection and DFIR
What is osquery?
osquery is an open source tool created by Facebook for querying various information about the
state of your machines. This includes information like:
* Running processes
* Kernel modules loaded
* Active user accounts
* Active network connections
And much more!
osquery allows you to craft your system queries using SQL statements, making it
easy to use by security engineers that are already familiar with SQL.
osquery is a flexible tool
5 min
Penetration Testing
SNMP Data Harvesting During Penetration Testing
A few months back I posted a blog entry, SNMP Best Practices, to give
guidance on best methods to reduce security risks as they relate to SNMP. Now
that everyone has had time to fix all those issues, I figured it's time to give
some guidance to penetration testers and consultants on how to exploit exposed
SNMP services by harvesting data and using it to expand their attack footprint.
The first question when approaching SNMP is
6 min
IT Ops
Queuing tasks with Redis
Overview
As stated on their official homepage, Redis is an open source
(BSD licensed), in-memory data structure store, used as database, cache and
message broker.
A little bit about what Redis can do. It supports data structures such as strings,
hashes, lists, sets, sorted sets
3 min
InsightIDR
Detect Corporate Identity Theft with a New Intruder Trap: Honey Credentials
If you're only looking through your log files, reliably detecting early signs of
attacker reconnaissance can be a nightmare. Why is this important? If you can
detect and react to an intruder early in the attack chain, it's possible to kick
the intruder out before he or she accesses your critical assets. This is not
only good for you (no monetary data is stolen), but it's also critical because
this is the only time in the chain that the intruder is at a disadvantage.
Once an attacker has an i
7 min
Verizon DBIR
The 2016 Verizon Data Breach Investigations Report (DBIR) Summary - The Defender's Perspective
Verizon has released its annual Data
Breach Investigations Report (DBIR). Their crack team of researchers has, once
again, produced one of the most respected, data-driven reports in cyber
security, sifting through submissions from 67 contributors and taking a deep
dive into 64,000 incidents—and nearly 2,300 breaches—to help provide insight on
what our adversaries are up to and how successful they've been.
The DBIR is a
2 min
Phishing
Detect Unknown Spear Phishing Attacks
Phishing continues to be
one of the top attack vectors behind breaches, according to the latest Verizon
Data Breach Investigations Report. Sending ten phishing emails to an
organization yields a 90% chance that company credentials are compromised.
Phishing is often the first step in the attack chain, opening an organization to
stealthy credential-based attacks that allow intruders to exfiltrate
confidential data. InsightIDR now detects targ
12 min
IT Ops
How to Ensure Self Describing Log Data Using Log4Net
In a previous article, The Benefit of Having an Enterprise Logging Policy, I presented
the case for always using self-describing data formats when logging information.
Using self-describing formats, such as key-value pairs and JSON, saves time and
effort in terms of indexing and subsequently querying your logs on the backend.
Also, logs that use a self-describing data format are easier to understand by
anyone, at any time.
In t
1 min
InsightIDR
Insight Platform Now Compliant with European Data Hosting Requirement
Cloud technology is everywhere. From our annual survey, we found that 79% of
organizations are allowing approved cloud services, with Office 365, Google
Apps, and Salesforce coming in as the top three. InsightIDR, our incident detection and response
solution, and InsightUBA, our user behavior analytics solution, are both
cloud-based by design and hosted in the US-based Amazon S3 cloud. Driven by
market demand, we now offer a European hosting option to
4 min
Designing Authentication
At Rapid7, security is everything, and that doesn't exclude the UX team. Yes, we
want to give you beautiful interactions, seamless workflows and screens that
make you go 'Wow!' But security is always there gently guiding our design
decisions, which can sometimes cause conflict between security best practices
and the best user experience.
Following on from an excellent post from Roy Hodgman, one of the most common examples of the
impact of security on user e
2 min
Nexpose
Nexpose Content Release Cadence
Over the past year our Nexpose team has taken on the challenge of overhauling
our product and internal processes to enable more frequent and seamless content
releases. The objective is simple: get customers content to their consoles
faster without disrupting their workflow and currently running or scheduled
scans. This enables security teams to respond to industry trends much faster and
coupled with our new adaptive security feature enables low impact delta scans of
just the new or updated vulne
5 min
Vulnerability Management
Using the National Vulnerability Database to Reveal Vulnerability Trends Over Time
This is a guest post by Ismail Guneydas. Ismail Guneydas is a senior technical
leader with over ten years of experience in vulnerability management, digital
forensics, e-Crime investigations and teaching. Currently he is a senior
vulnerability manager at Kimberly-Clark and an adjunct faculty member at Texas A&M. He
holds an M.S. in computer science and an MBA.
2015 is in the past, so now is as good a time as any to get some numbers
together from the year that was and analyze them. For this blog post,
8 min
IT Ops
Using JavaScript to interact with the REST Query API
We're very excited to announce that our REST Query API is now available. With this API, you can:
* make it easy to remotely query your log data
* easily integrate Logentries with third party solutions, external systems and
internal tools
* allow users and systems to query their log data programmatically over our
REST API
In this article, I will show how you can quickly interact with the Query API by
sending in a LEQL query
3 min
IT Ops
How to: Send SMS messages to Logentries in under 5 minutes (maybe 10)
The "Internet of Things" continues to be talked about a lot, with an increasing
number of devices now containing some sort of smart functionality which can be
interacted with. Here's a great article about end-to-end IoT monitoring by colleague David Tracey.
However, not all IoT devices can be in locations with WiFi or 3G/4G coverage, so
they cannot easily (or at all) send or receive data over the internet, and
instead rely on standard cellula