Elastic Stack, Suricata IDPS and pfSense Firewall – Part 3: Logstash Pipeline Additions – Suricata Alerts

Introduction In previous parts we have configured the Elasticstack (Logstash, Elasticsearch and Kibana) on an Ubuntu server instance and the Elasticbeats Filebeats log shipper on a pfSense firewall to ship Suricata IDPS logs to the Elasticstack instance. In this part of the series we will look in more depth at the Logstash service, its pipeline …

Elastic Stack, Suricata IDPS and pfSense Firewall – Part 2: Elasticstack Installation and Config

Introduction This is the second article in a series documenting the implementation of reporting using Elastic Stack of log data from the Suricata IDPS running on the Open Source pfSense firewall. This part 2 article covers the installation of the Elastic Stack onto an Ubuntu Server and the configuration of LogStash and Kibana to consume …

Elastic Stack, Suricata IDPS and pfSense Firewall – Part 1: Elasticbeats and pfSense configuration

Introduction This is the first article in a series documenting the implementation of reporting using Elastic Stack of log data from the Suricata IDPS running on the Open Source pfSense firewall. It covers the installation and configuration of Elastic Filebeat on pfSense to ship logs to a remote Ubuntu server running the Elastic Stack. Installation …

Back on the Degree path

Having dropped out of my degree studies when I was 19 due to lack of funds, and then finding myself in the sort of job with the sort of prospects I would have hoped for after graduation I never considered going back – until now! I have embarked on a degree with a view to …

Restricting Internet Explorer access to local drives and executables on Xenapp

In a XenApp Published Desktop environment there are typically a whole load of considerations with regards to the restriction of functionality to the users via Windows Explorer in a desktop environment which are not always put in place if the system is used to publish applications (as it is not expected the users will have …

Make it go faster

For the last couple of years I have been working on a large enterprise roll-out of a certain software product. With my Infrastructure architect hat on I spent a great deal of time with specialists from the software vendor, the implementation partner and our hardware partner to create a system that would handle the …
