Blog

Windows DNS threat hunting with Sysmon and Gravwell

Jun 20, 2019 8:38:00 AM / by Corey Thuen posted in Data Fusion, Microsoft, Windows, Logging, Security, Community Edition

0 Comments

This month has been a big deal for IT logging of windows endpoints. Sysmon v10 was released last Tuesday and it includes the major changes of DNS logging and OriginalFileName reporting for windows events. If you've ever tried to set up windows DNS logging before, you understand how awesome this is. This post is all about the new functionality and how to make use of it in Gravwell.

Read More

Using Data Fusion to hunt infrastructure capacity issues

Sep 28, 2017 9:47:20 AM / by Corey Thuen posted in Data Fusion, Case study

0 Comments

 In this post we'll walk through a case study with a customer trying to identify an infrastructure capacity issue in which the system becomes unresponsive during a swell in page visits. We'll follow Alice and Bob (names changed, obviously) as they work through the issue.

Read More