CERT-In : Sensor for MSME networks for logs

If you are an MSME and are looking at complying to the CERT-In directives on logs, then, a sensor we’ve built for generating and storing logs of the entire network, might just be what you are looking for. What do the CERT-In directives on logs state All service providers, intermediaries, data centres, body corporate and Government organisations shall mandatorily enable logs of all their ICT systems and maintain them securely for a rolling period of 180 days and

Packets don't lie - Threat Hunting with Zeek

Earlier today, I presented a webinar on ’ Packets don’t lie - Threat Hunting with Zeek.' Thanks to the kind folks at APNIC for initiating the request and starting the email thread. The gist of the presentation was about using Zeek to look for anomalies. Before jumping into Zeek, I introduced Network Security Monitoring. Spoke about conn.log and dns.log and used PCAPs from Stratosphere IPS Project to demonstrate threat hunting with Zeek.

Shodan geoping and geodns -Quickly check ping and DNS resolution across multiple locations

Measuring ping and DNS from different vantage points using RIPE Atlas has been something that I have been using for some time now. A few weeks ago, I came across Shodan’s geoping and geodns API, which provides ping and DNS lookup from a few locations and other details such as RTT. This is great because you can quickly check ping and DNS resolution on systems where you only have curl running.