ELK + Bro: Building a passive DNS database
Passive DNS data is a good source of threat intelligence. We show in this post how to build such a database for your environment using Bro IDS and the ELK stack. The only requirement is that your Bro sensor sees all the DNS traffic originating from your local network. You can use Brostash to deploy a Bro-based sensor. The Bro logs for DNS traffic combine in one single entry the queried domain and the corresponding answer.
Logstash: Building a data pipeline for Bro IDS logs
In this blog post, the second in our series about the ELK stack, we present an introduction to Logstash. By definition, Logstash is a data processing pipeline that provides the components to ingest data from a variety of sources, to transform/enrich that data and finally to send it to a data store or another processing pipeline. With its modular architecture, Logstash offers a robust framework for easily building a data processing pipeline.
ELK stands for Elasticsearch, Logstash and Kibana. It provides an open source data analytics platform covering searching/analysing, transforming/enriching and visualising data. The main components are: Elasticsearch: distributed full-text search engine based on Lucene. Logstash: data processing pipeline to collect, transform/parse/enrich data and send it to a data store. Kibana: user-friendly interface to search, analyse and visualise your data. In addition to the three components above, the ELK stack also includes Beats, a lightweight data shipper.
Brostash: a Debian-based Linux distribution that puts together the Bro IDS and Logstash. We are pleased to publish a Debian-based Linux distribution that puts together the Bro IDS and Logstash. The goal of this distribution is to make it easier to deploy a network security sensor. Using live-build you can create the image and deploy it on any number of machines in your network for the purpose of security monitoring.
How to set up a simple Samba server
In this post, we show how to set up a simple, small LAN Samba server. The setup is done on OpenBSD. We start by installing the samba package, which first requires defining the mirror we will use to download the package and its dependencies.
In this post, we show how to set up a simple LAN gateway running a DHCP server and a DNS forwarder. The setup is based on OpenBSD and uses dhcpd and Unbound. We assume a box with two NICs: the first is connected to the internal network, the second to your internet access device (e.g. a DSL router). We also assume that the box is running OpenBSD.