Posts

Showing posts from May 2017

Install Wazuh OSSEC with ELK stack

If you have been following my blog you know that I am trying to increase my Incident Response (IR) skillz and experience. For a class project we had to create/improve a piece of software in the forensic community for Windows (Windows forensic class). From my short time of searching the internet I never found a guide to setting up a logging system for Windows from start to finish. An effective logging system has an agent/collector, a log aggregator, a data visualizer, and a good alerting mechanism. The following system I have set up has Wazuh (OSSEC fork) for log collection, Wazuh Management for a log aggregator, the ELK stack for data retention and visualization, and elastalert for e-mail alerting. In this guide I will walk you through how to set up an effective logging system for all operating systems, but mainly Windows, for free. Additionally, we will be discussing the type of things that should be logged depending on your environment. As a final note I have included my github repo a

How To Install and Configure Grafana to Plot Beautiful Graphs from Zabbix on CentOS 7

Introduction Zabbix is a great monitoring tool that collects data from servers, virtual machines, and other kinds of network devices so you can analyze it for trends or problems. It has feature-rich notifications on emerging issues, but the built-in tools for data analysis and visualization are not easy to use. You can combine graphs into dashboards, but first you need to create them, and there is practically no easy way to create graphs that display real-time data. Also, there is no way to collect data from different hosts onto a single graph. While the situation is getting better with each new release, it is far from ideal. Grafana is a good alternative to Zabbix's dashboards. It lets you create graphs and dashboards based on data from various monitoring systems, and it specializes in the display and analysis of this data. It is lightweight, easy to install, and it looks beautiful. In this tutorial, you'll install Grafana and configure it to display data from Zabbix,