Posts

SIEM(Splunk) dashboard creation - Firewall

Summary: In this blog we are going to create a Firewall Dashboard in the SIEM tool Splunk, which helps an organization visualize its security posture in real time. Dashboards: A dashboard consists of one or more panels displaying data visually, presenting it in a useful way in the form of events, tables or charts that can be used to measure, monitor and analyze relevant key areas. Now we will go forward and create a firewall dashboard that will help us better analyze our data. (P.S. We have already uploaded firewall logs to Splunk. Please check this blog - https://bit.ly/3UQWoBP) First, we will install the "Infosec" app from https://splunkbase.splunk.com/app/4240, which addresses the most common security issues, and we will create the same dashboard. Dashboard Panels: The panels our dashboard will have are: 1- Blocked connections: (We are using Palo Alto traffic logs to find all the blocked connections) index=botsv2 sourcetype="pan:traffic" action=blocke...

Uploading demo logs and analyzing Firewall logs

Summary: In this blog, we are going to download demo logs from GitHub, upload them, and understand and analyze FortiGate and Palo Alto raw logs. Uploading logs to Splunk: We will start by downloading the dataset from https://github.com/splunk/botsv1. In the picture below you can see two different datasets (one containing normal and attack logs, and the other containing only attack logs). I am downloading the attack logs. This dataset contains different types of logs, as shown below. As the botsv1 dataset contains only FortiGate firewall logs, for Palo Alto logs we will download the botsv2 dataset from https://github.com/splunk/botsv2. Uploading logs to Splunk: After downloading both datasets, extract and copy both folders and paste them into InstallationPath/Splunk/etc/apps. After this step, we will allow Splunk to parse the logs for a few seconds and then check as shown below. Here, we can see that both datasets have been uploa...

Configuring pfSense firewall for home network

In this blog, I am going to install and configure pfSense, and even block a malicious domain, redhunt.net. We will create rules to block this domain. You can download the ISO file for the pfSense firewall from the pfSense website. Download the FreeBSD version from the FreeBSD website, and we will set the VM type as BSD. FreeBSD is a free and open-source Unix-like system and a popular server platform. It generally has fewer security issues than Linux and makes it easy to set up a rule-based packet filtering firewall. Now we will ensure that our virtual machine is in bridged networking mode so that it can use its own IP address and does not have to share one with the host system. INSTALLATION PHASE: After starting the virtual machine you will initially see this screen. After choosing all the default options you will end up on the screen below. You can see it is asking "Should VLANs be set up now?"; we will type "n". Now ...

My first Cybersecurity Certification

After learning about CompTIA Security+ through LinkedIn and after doing some initial research about the content, book, and objectives of the exam, I got an understanding that this certification touches on every part of the fundamental cybersecurity domains in great detail. In this blog, I will discuss what I learned from the certification, the key materials to study, and how to learn them so that it is beneficial to apply these concepts while dealing with real-life situations or in a home-lab environment. How does the certification help? As we know, CompTIA Security+ is a global certification; it validates and helps us build the baseline knowledge to perform core cybersecurity operations. It helps an individual identify and address potential threats, risk management techniques, and intrusion detection and prevention systems, among others. As the exam covers 6 important domains within cybersecurity, some of the key topics I learned and think were very essential in building up my knowledge...