SECTION 9 Cyber Security


Latest Episodes

Wazuh, Detection, and VMware Management - 240
April 25, 2022

Wazuh! It works! Not only does it work, but it’s awesome. We’re also covering detection as part of a security program. You can’t have good security without detection. We’re also throwing in a bit of VMware management. Can’t manage labs in VMware without s

Wazuh, Sysmon and Atomic Red Team - 239
April 11, 2022

Time for more Wazuh and Sysmon. This time we’re adding Atomic Red Team for testing. This is starting to look really good. Unfortunately we’re missing something.

Labs, Wazuh & Sysmon, Microsoft 365 - 238
April 04, 2022

We’ve packed a lot into one episode. We’re reviewing Dorothy’s lab, Wazuh & Sysmon and Microsoft 365. We do have some good news. Got Sysmon installed. We also have access to good Microsoft 365 instructions and a book. We’re moving in the right direction.

How does one get into IT? - 237
March 28, 2022

There are many ways to answer this question. First, you need some skills. For this ongoing project we’ve decided to focus on Windows. Server 2019, Windows 10 and 11, and a bit of networking for good measure. One has to start somewhere.

What is Microsoft Defender for Business? - 236
March 21, 2022

We’re in the process of testing Microsoft Defender for Business. This includes vulnerability management, endpoint detection and response and a lot more. This could be the security solution we’ve been looking for.

Are Security Solutions 100% Perfect? - 235
March 14, 2022

Of course security solutions aren’t 100% perfect. So, why are people building security programs around perfect solutions?

How do we deploy Sysmon? Part 2 - 234
March 07, 2022

Time to go deeper down the Sysmon rabbit hole. Looks like Wazuh does a lot more than we thought.

How do we deploy Sysmon? Part 1 - 233
February 28, 2022

Time to start thinking about our Sysmon deployment. There are a lot of moving parts to this project. It won’t be a simple install on Windows 10. That’s just a small part of the project.

Mini Security Audit - 232
February 21, 2022

We’re conducting a mini security audit. We’ve got our short list of things we’re doing for security. Are they working for us? Are there things we need to change? How are we doing?

Application Allow List with AppLocker and Intune - Part 1
February 14, 2022

It works! We have application allow listing with AppLocker. Pushed out the settings from Intune. This is awesome! NOTE: No links to instructions for Intune and AppLocker. I need to find good documentation or write my own.