Query’s Post
1. Boot Windows into Safe Mode or the Windows Recovery Environment.
2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
3. Locate and delete the file matching “C-00000291*.sys”.
4. Boot the host normally. 🙃
STOP 🛑 Do Not Pass Go 🟢 Do Not Collect $200 💵 Do Not Ingest your VPC Flow Logs into #Splunk. Here's Why:

Query + Splunk Dashboard: Investigating/Hunting potentially malicious traffic

Network Flow data is critical to security investigators and hunters in helping to identify potentially malicious traffic. In this dashboard we can look at resources in particular AWS regions and analyze this data to try and zero in on malicious activity. In this case, VPC Flow Logs are being stored in more efficient cloud storage (#AmazonSecurityLake) and being visualized in Splunk through a single line of SPL that invokes the Query Federated Search App for Splunk:

| queryai search="ip = YOUR IP HERE" platforms="AWS_SecLake_VPC_Flow" | spath input=_raw

Want to see what else you can do? #splunkbase #federatedsearch #soc
"The rule says play it where it lies..." What are the parallels between golf and cybersecurity? Hear Query CISO Neal Bridges' take on this and more in his interview on In the Hot Seat with Dazz. Check out the full episode here: https://hubs.li/Q02GNsZj0 #cybersecurity #ciso #playitwhereitlies
☝️ SOC Manager #1: Hey — we’re having a problem keeping track of the alerting and assignment of incidents once they’re escalated. Can we use some sort of automation to keep it together?

🤔 SOC Analyst #1: I thought we let Microsoft Security take care of that for us with Defender 365?

🤨 SOC Analyst #2: Wait — don’t we have to wait for them to be pushed into our ITSM tool? I thought that is what we bought it for?

🙄 SOC Engineer #1: First off, *we* didn’t buy it, the Central IT Ops team did. Secondly, I thought we were managing Incidents in Microsoft Sentinel to use their native automation.

🤓 SOC Engineer #2: Folks, with our M365 E5 License we can start to forward all of our Defender alerting and incidents into Sentinel alongside our existing analytics rules and connectors. We can have all the Incidents being assigned there.

😰 SOC Manager #1: Okay, but how do we keep track of them and get visibility back into the other environments for our investigations?

🧠 SOC Engineer #2: Wait, can’t we connect Query Federated Search to Sentinel? That would let us retrieve all Incidents and related Alerts, see who is assigned to them, and pivot across our other data sources using federated search.

🤯 SOC Manager #1: Well that sounds a whole lot better!

Read more:
Microsoft Sentinel Integrated Into Query Federated Search Data Fabric
Building a modern security team in today's world requires special considerations — especially given how big the data challenges are today. Let's dive into how you go about building a security team in a data-diverse world. Check out the fifth installment of the #SecDataOpsCast with Query CISO Neal Bridges and ALS Global Information Security Director John Moore! Want to listen on the go? Search for SecDataOpsCast on your podcast platform of choice! https://hubs.li/Q02GnJQ00 #secdataops #cyberinsecurity #ciso
Security teams try incredibly hard to be a business enabler. Unfortunately, downtime due to an incident can be an absolute business killer. This makes Mean Time to Respond/Repair/Recover/Resolve a metric with some real $$ behind it. How much time is your team wasting pivoting across tools and systems to get to relevant security data in critical moments? Do you know what it’s costing you? #cybersecurity #incidentresponse #soc #friends
Join Neal Bridges and 🔹John M. for a discussion around Building a Modern Security Team in a Data Diverse World. #SecDataOpsCast starts in one hour! #secdataops #cyberinsecurity #ciso
Join Query CISO Neal Bridges and Global Information Security Specialist at ALS 🔹John M., as they discuss the strategies and pitfalls of building a modern security team in a data-diverse world. Tune in tomorrow at 3:00p ET here or on your favorite streaming platform! #secdataops #secdataopscast #cyberinsecurity