How to Monitor SNMP devices with Telegraf and InfluxDB and Grafana | Meraki WAN Data

Howard Mukanda Security, Virtualization December 8, 2018

Why did i write this... Every IT admin needs to know what is going on in their environment at all times. Having a dashboard in your office on a TV and active alerts to your phone is critical in our careers. You ideally want to know about the problem before end users start calling. That’s why SNMP is very important and being able to use it to your advantage will make your life easier.

How To Install ELK SIEM For Beginners – Complete Guide

Howard Mukanda Uncategorized January 2, 2020

In 2019, Elastic, the company that brought us the ELK (Elastic, Logstash and Kibana) stack released an ELK based SIEM (Security information and event management System). A SIEM is critical to the operation of a Security Operation Center. I made a video on my youtube channel that can show you some of the information that you
Read More »

Parsing And Visualizing Squid Proxy logs in Graylog and Grafana

Howard Mukanda Security, Virtualization August 23, 2019

Squid Proxy logs json Tutorial from this video: Parsing And Visualizing Squid Proxy logs in Graylog and Grafana : This is the json for the Grafana graph: { “annotations”: { “list”: [ { “builtIn”: 1, “datasource”: “– Grafana –“, “enable”: true, “hide”: true, “iconColor”: “rgba(0, 211, 255, 1)”, “name”: “Annotations & Alerts”, “type”: “dashboard” }
Read More »

How to Parse Snort IDS Logs in Graylog

Howard Mukanda Uncategorized August 17, 2019

Here is the rule that i used in the video: rule “Extract Snort alert fields” when has_field(“message”) then let m = regex(“\(\d+):(\d+):(\d+)\ \[Classification: (.+?)\] \[Priority: (\d+)]: \<(.+?)\> \{(.+?)\} (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(:(\d{1,5}))? -> (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(:(\d{1,5}))?\R?”, to_string($message.message)); set_field(“snort_alert”, true); set_field(“generator_id”, m[“0”]); set_field(“signature_id”, m[“1”]); set_field(“signature_revision_id”, m[“2”]); set_field(“description”, m[“3”]); set_field(“classification”, m[“4”]); set_field(“priority”, to_long(m[“5”])); set_field(“protocol”, m[“7”]); set_field(“src_addr”, m[“8”]); set_field(“src_port”, to_long(m[“10”])); set_field(“dst_addr”, m[“11”]); set_field(“dst_port”,
Read More »

How to graph IDRAC temperature, power usage and fan speed measurements in Grafana

Howard Mukanda Uncategorized December 15, 2018

In this tutorial I will show you how to get your Idrac sensor metrics into Grafana in no time. It’s a simple and straight forward process that took me an hour, mostly because I had to research it. It should take you no later than 20 minutes. The metrics that I will be sending to
Read More »

How to Install Security Onion, Elastic, Logstash and Kibana

Howard Mukanda Security, Virtualization November 9, 2018

https://youtu.be/VkExxKCbcm4 In this lab we will show you how to install the Security Onion IDS, with elastic, Kibana, logstash for a SOC and log analysis.

How to SPAN a physical port to a Virtual Machine in vMware ESXi

Howard Mukanda Security, Virtualization November 7, 2018

Installing PFsense on VMware ESXi 6.X

Howard Mukanda Virtualization November 2, 2018

How to Configure VLANS in vMware ESXI 6.X : Lab 3

Howard Mukanda Security, Virtualization November 1, 2018

Home Cyber Range Lab 2 : How to Install vMware ESXi 6.x

Howard Mukanda Virtualization October 21, 2018

In this lab we will install Esxi for the SOC Lab.