Practical Threat Hunting on Compressed Logs with DuckDB

Threat hunting and incident response demand quick and adaptable access to logs, particularly in environments with limited detection capabilities or evolving infrastructure maturity.

In this video, explore a smarter and more flexible way to use Wazuh’s active response. Learn how to bypass built-in limitations, trigger responses via Graylog and Copilot APIs, run custom scripts like DNS sinkholing, and automate actions with powerful Graylog alerts.
By Taylor Walton / YouTube

Learn how to dynamically manage Sysmon configurations across multiple customers using CoPilot and Wazuh in this step-by-step video guide!
By Taylor Walton / YouTube

Continuous Integration and Continuous Delivery/Deployment (CI/CD) refers to practices that automate how code is developed and released to different environments. CI/CD pipelines are fundamental in modern software development, ensuring code…
By The Hacker News

The article describes how to automate Wazuh alert handling via Tracecat: assigning priority and severity based on IP reputation, then automatically creating tickets with enriched comments drawn from the alert’s metadata.
By Killian Prin-Abeil / Aukfood

Cyber threats are getting smarter, and so should your defences. Using Wazuh for security monitoring, you already know it’s a powerhouse for detecting attacks, tracking vulnerabilities, and ensuring compliance. But what if you could make it even sharper?…
By Ekangwo Hernandez / Medium

In security monitoring environments, log files are not just activity records; they are often the primary evidence in incident response, threat investigations, and compliance audits. However, without cryptographic protections, logs can be altered, backdated…
By Zafer Balkan / Zafer Balkan Blog

DevSecOps, short for Development, Security, and Operations, is a methodology that integrates security practices into software Development Operations (DevOps). It emphasizes that security should be a shared responsibility across development…
By Bleeping Computer