Findings in Splunk Enterprise Security (ES) Findings in Splunk Enterprise Security (ES) are security-related events that require further investigation or action by security analysts. These notable...

Jobs # putting the current application in the background [control]+z - Application in the background jobs - Show Backgroundjobs fg - Application to Foreground (fg) bg ...

requirements: change the auditd log_format from raw to enriched /etc/audit/auditd.conf Install the Splunk Add-on for Linux change the sourc...

Auditd Components auditctl Configure and manage audit rules. aureport Generate reports from audit logs. aushell Interactively process audit event data. auditd The daemon that collects aud...

Using tabs #open tab :tabnew ## switch tab :tabn ### next :tabp ### previuos gt ## switch forward gT ## switch backwards #open file e: folder e: file navigation h (left) ...

create Report # clone lynis cd /usr/local git clone https://github.com/CISOfy/lynis cd lynis # Start Report ## unprivileged User ./lynis audit system ## privileged user sudo ./lynis audit syste...

Modes Sniffer Mode - Read IP packets and prompt them in the console application. Packet Logger Mode - Log all IP packets (inbound and outbound) that visit the network. Log/drop the packets ...

Files # show all open Files lsof /var # suppress open files by kernel lsof -b # show the count of all open files lsof | wc -l # show open files per user lsof -u steh # show all open files unde...

Checklist for Analyzing Checks to Perform Packet statistics Service identification IP reputation check Questions to Answer Which IP addresses are in use? Has a suspicious IP address...

Dangers of Analysing Malware Samples WARNING: Handling a malware sample is dangerous. Always consider precautions while analysing it.1 Always assume that malware samples will infect your devic...