Defense

Tools

• Incident response
  • https://thehive-project.org/
• BeaKer
  • Record all apps making network connections
  • Make this data searchable
  • Combine
    • Sysmon
    • Winlogbeat
    • ELK stack