fbpx

Documentation

Blumira Configuration
  • Blumira Getting Started Guide

  • Create a Blumira Sensor

  • Blumira Sensor Outbound Allowlist

  • Reinstalling or Updating a Blumira Sensor

  • Security Findings

  • Role-Based Administration

  • Dynamic Blocklists and Threat Feeds

  • Deploy a Blumira Honeypot

  • Build a Sensor on Ubuntu

Cloud Services
  • Azure AD Event Hubs

    Azure AD Event Hubs

  • Cisco Umbrella

    Cisco Umbrella

  • Duo Security

    Duo Security

  • Google G Suite

    Google G Suite

  • Infoblox

    Infoblox

  • Okta

    Okta

  • Microsoft Defender for Endpoint

    Microsoft Defender for Endpoint

  • Microsoft Defender for Office 365

    Microsoft Defender for Office 365

  • Microsoft Office 365

    Microsoft Office 365

  • Microsoft Cloud App Security

    Microsoft Cloud App Security

  • LastPass

    LastPass

AWS
  • AWS: Getting Started Guide

    AWS: Getting Started Guide

  • AWS: Kinesis Data Stream and IAM

    AWS: Kinesis Data Stream and IAM

  • AWS: CloudWatch

    AWS: CloudWatch

  • AWS: GuardDuty

    AWS: GuardDuty

  • AWS: CloudTrail

    AWS: CloudTrail

  • AWS: VPC Flow Logs

    AWS: VPC Flow Logs

Endpoint
  • Blackberry Cylance

    Blackberry Cylance

  • CrowdStrike Falcon Endpoint Protection

    CrowdStrike Falcon Endpoint Protection

  • ESET Endpoint Protection

    ESET Endpoint Protection

  • Malwarebytes

    Malwarebytes

  • Malwarebytes Nebula

    Malwarebytes Nebula

  • Microsoft Defender for Endpoint

    Microsoft Defender for Endpoint

  • Sophos Central

    Sophos Central

  • Symantec Endpoint Security

    Symantec Endpoint Security

  • Trend Micro Apex One

    Trend Micro Apex One

  • VMware Carbon Black Response

    VMware Carbon Black Response

  • VMware Carbon Black Managed Defense

    VMware Carbon Black Managed Defense

  • VMware Carbon Black Endpoint Protection

    VMware Carbon Black Endpoint Protection

Microsoft Server
  • Poshim – Automated Windows Log Collection Agent

  • Advanced Microsoft Logging (GPO Template)

    Advanced Microsoft Logging (GPO Template)

  • System Monitor (Sysmon)

    System Monitor (Sysmon)

  • Microsoft Windows Firewall

    Microsoft Windows Firewall

  • Microsoft Windows PowerShell

    Microsoft Windows PowerShell

  • Microsoft Windows IIS

    Microsoft Windows IIS

  • Microsoft Active Directory

    Microsoft Active Directory

  • Microsoft Windows Server

    Microsoft Windows Server

Microsoft Cloud
  • Poshim – Automated Windows Log Collection Agent

  • Azure AD Event Hubs

    Azure AD Event Hubs

  • Microsoft Defender for Endpoint

    Microsoft Defender for Endpoint

  • Microsoft Defender for Office 365

    Microsoft Defender for Office 365

  • Microsoft Office 365

    Microsoft Office 365

  • Microsoft Cloud App Security

    Microsoft Cloud App Security

  • Microsoft Security Modules

Identity
  • Duo Security

    Duo Security

  • Okta

    Okta

  • Microsoft Active Directory

    Microsoft Active Directory

  • LastPass

    LastPass

Firewall
  • Check Point Next-Gen Firewall

    Check Point Next-Gen Firewall

  • Cisco ASA Firewall

    Cisco ASA Firewall

  • Cisco FTD FirePower Threat Defense

    Cisco FTD FirePower Threat Defense

  • Cisco Meraki Firewall

    Cisco Meraki Firewall

  • Citrix Netscaler ADC

    Citrix Netscaler ADC

  • F5 Big-IP

    F5 Big-IP

  • Fortinet Fortigate Firewall

    Fortinet Fortigate Firewall

  • Palo Alto Next-Gen Firewall

    Palo Alto Next-Gen Firewall

  • Palo Alto Networks Panorama

    Palo Alto Networks Panorama

  • SonicWall Next-Gen Firewall

    SonicWall Next-Gen Firewall

  • Sophos XG Firewall

    Sophos XG Firewall

  • WatchGuard Firebox Firewall

    WatchGuard Firebox Firewall

Other
  • Osquery

    Osquery

  • Apache Web Server

    Apache Web Server

  • Apple Mac OS

    Apple Mac OS

  • Forescout

    Forescout

  • KnowBe4 – PhishER

    KnowBe4 – PhishER

  • Linux Auditd File Integrity Monitoring

    Linux Auditd File Integrity Monitoring

  • Linux Journald

    Linux Journald

  • Linux Servers

    Linux Servers

  • Nginx Web Server

    Nginx Web Server

  • Proofpoint Advanced Threat Protection

    Proofpoint Advanced Threat Protection

  • VMware VSphere/VCenter

    VMware VSphere/VCenter

  • WinLogBeat Forwarding

    WinLogBeat Forwarding

Security Guides
  • How to Image Machines for Forensic Use

    How to Image Machines for Forensic Use

  • How to Disable Null Session in Windows

    How to Disable Null Session in Windows

  • How to Disable LLMNR, Netbios, WPAD, & LM Hash

    How to Disable LLMNR, Netbios, WPAD, & LM Hash

  • How to Configure SMB Signing

    How to Configure SMB Signing

Detection Tests
  • Windows – Deletion Event Log Detection Test

    Windows – Deletion Event Log Detection Test

  • Windows – Setting Non-Expiring Password

    Windows – Setting Non-Expiring Password

  • Windows – PowerShell Execution Policy Bypass

    Windows – PowerShell Execution Policy Bypass

  • Windows – Domain Administrator Account Creation

    Windows – Domain Administrator Account Creation

  • Duo Security – Fraudulent Push Notification

    Duo Security – Fraudulent Push Notification

  • Honeypot – FTP Auth Test

    Honeypot – FTP Auth Test

  • Honeypot – HTTP Auth Test

    Honeypot – HTTP Auth Test

  • O365 – Inbox Forwarding Rule

    O365 – Inbox Forwarding Rule

Threat Feeds
  • Threat Feed: Abuse.ch SSL Blocklist

    Threat Feed: Abuse.ch SSL Blocklist

  • Threat Feed: Abuse.ch Feodo Tracker

    Threat Feed: Abuse.ch Feodo Tracker

  • Blumira Feeds: An Overview

    Blumira Feeds: An Overview