Collaborate Disseminate
I am a working student as an information security analyst .
my company provides a bunch of software in our daily work like for example gitlab and jira . Every interaction between the user and the software is logged inside elastic stack .
L… Continue reading How to efficiently analyse logs from elastic search to look for vulnerabilities? [closed]
Can anyone tell me what is happening here step by step:
# This text file shows a collection of log entries from the NIDS and one of the hosts on the network
# Only relevant entries are shown
#
1. 14:45:05:47. Packet from 62.8.1.2 to 102.8… Continue reading Nids log files step by step [closed]
I am curious that how can can i delete windows logs with PowerShell & cmd command in period of time?
Period of time mean only delete specific logs related to last two month.
Please show all possible ways in both PowerShell & cmd.
… Continue reading How delete windows logs with powershell & cmd command in period of time [closed]
How can I get the SOF-ELK VM to inject the IIS logs like the httpd logs. Here are my filebeats yml configs:
/etc/filebeat/filebeat.yml
filebeat.config.inputs:
enabled: true
path: /usr/local/sof-elk/lib/filebeat_inputs/*.yml
filebeat.c… Continue reading Need help configuring SOF-ELK Sans to parse IIS W3C logs
I need to analyse a Mac for traces of file/internet activities.
I wonder if such things like file creation/modifications or wifi activities are tracked somewhere
Recently my windows defender warned me about a possibly malicious program it found on my pc. I have trouble interpreting the data windows defender serves me and I haven’t found any microsoft documentation regarding the processStart value.
… Continue reading How to find data associated with windows defender processStart reference in windows10
I’m researching log-analysis using webserver/HTTP logs, so I created the pipeline for this use case (Anomaly detection). Let’s say I have number/counts of logged records/events for each username.
The problem is I’m not sure what is the be… Continue reading Defining user anomalies by analysing web server interaction counts [closed]
Hello, I am Seonho Lee from the Affiliated Institute of ETRI. Today, I talk about the forensic analysis of ReFS Journaling.
Before everything, let me just briefly explain the two key topics of the presentation. I’m going to explain what &helli… Continue reading Forensic Analysis of ReFS Journaling
Hi, thanks for showing me. This is Christian Chao, a PhD from Iowa State University. Today, I’m going to present LogExtractor. This is joint work with Chen Shi and my advisor is professor Neil Zhenqiang Gong and professor Yong Guan. &hellip… Continue reading LogExtractor: Extracting Digital Evidence From Android Log Messages Via String & Taint Analysis
I found client.log in my EFI system partition, and this is what it contains:
SAFE-MDx Authorization Client
Copyright (C) 2009-2020 Dell Inc., All Rights Reserved.
SafeAuthClient.exe version: 2.3.7
-CSL Library version: 1.020
-COSPA Runti… Continue reading What is SAFE-MDx Authorization Client, and what does it do?