SOC Update (6 Apr - 9 Apr 2020)
Progress / Completed Projects & Tasks
- SIEMonster Sec Prod Roll-out
  - Remote collector (hydra) installed in Indonesia HQ @ hydra.siem.sec.tvlk.cloud
  - HQ Fortinet logs collected via syslog to the local collector.
- Detection engineering - Sysmon documentation
- Site-to-Site VPN tunnel request SoP and form (draft)
- Open-source EDR-like tool test drive (Velociraptor) installed in AWS
Plan / Work in progress
- SIEMonster Sec Prod Roll-out on AWS
  - Continue working on the remote log collector set-up.
  - Further running and parsing of UTM logs.
  - Finalise client installation script & package to be pushed to Windows Servers (Sysmon, Wazuh, winlogbeat).
  - AWS GuardDuty logs and Cloud Conformity alert integration.
- Continue testing open-source EDR tools (Velociraptor vs osquery)
- Endpoint AV Kaspersky policy audit and deployment number review
- Linux Hardening Golden AMI tools
  - Helping Ravi finalise the actionable Ubuntu Hardening Standard document and the corresponding hardening scripts (70% completed).
  - Exploring tools to provide actionable, scriptable hardening.
  - Project page
- Onboard tvlk-dev and tvlk-data AWS accounts to SAML (ongoing)
Roadblocks / Problems
- Akamai WAF IP Reputation Module CR on hold.
  - Despite engaging the FE team early, they were not ready to proceed due to a change of priorities.
- DataDome transfer of ownership / upcoming renewal in danger.
Notable Incidents
None.