Threat Hunting

Graylog Pipelines – Threat Indicators


Graylog ships with a plugin that lets you check against threat feeds to determine whether an IP or a domain has been marked as [...]

Sysmon 10 & DNS Queries


On June 19th Mark Russinovich tweeted that the release of Sysmon version 10 will include DNS query logging. Packetbeat is currently being utilized for [...]

Threat Hunting with DNS Queries


The majority of malware uses a command and control center to retrieve updates, commands to run, and more. There are a few methods that malware can use to obtain [...]