Why Should You Manage Your Log Ingestion? Cost Implications SIEM tools operate under a licensing model that typically charges based on the volume of logs ingested. Ingesting a high volume…
There are different options for parsing data in Microsoft Sentinel: query-time parsing, where the parsing is done when an analytic rule or an analyst executes a piece of KQL, or ingest…
Microsoft have an API to add IOCs to the threat intelligence module in Sentinel, which you can read about here. My issue with it is that it is full of…
Download Winlogbeat – Download here (64-bit) Step 1: Download and extract winlogbeat.zip to c:\program files\ (Should look like the image below) Step 2: Open the winlogbeat.yml and edit with notepad: We will add the following…