New Articles

  1. Alert Inbox Playbook

    Overview: The plays and procedures in this playbook give you insight into how the TRAC Team monitors your alerts. You can also perform these plays on any triggers created internally by your team.  *Please leave all TRAC triggers t...
  2. User Manual

    Welcome to DefenseStorm: Put simply, DefenseStorm is a network security system for financial institutions. We monitor for suspicious activity, alert you when it's found, and work with you to stop any potential attacks and prevent them from...
  3. Firewall Ports

    Firewall Port Table: Table of both inbound and outbound network ports for the DVM and Windows Agent. Direction | Port / Protocol | Purpose; DVM Outbound | 80 / TCP | HTTP OS Updates (Ubuntu); 123 / TCP, UDP ...
  4. DefenseStorm Markdown Language Quicksheet

    Using Markdown Language for Formatting: DefenseStorm allows you to add markdown to Notes using a modified version of GitHub markdown. This document describes commonly used markdown syntax. For a full description of the syntax, please refer to...
  5. Exchange Audit Logging

    Overview: Exchange audit logging must be set up at the mailbox level and is outside the scope of this document. Please refer to the help that is available from Microsoft for setting up Exchange Audit Logging. Verification: To v...
  6. Common Auditor Requests

    Overview: What to do when you get a request from an auditor. This playbook provides examples of common requests you may get from auditors, the corresponding FFIEC statements and GRID features, and exactly what action is required by you to prove...
  7. Installing Security Onion w/ BRO

    Overview: What is Security Onion? Security Onion (SO) is a Linux distribution for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xpli...
  8. Advanced

    Managing PowerShell: Current reports on the use of Windows PowerShell as an attack platform highlight the growing need to detect and prevent abuse of our system administration ecosystem. The recent release of Mandiant's M-Trends 2017 annu...
  9. DefenseStorm ThreatMatch API

    Using the DefenseStorm ThreatMatch API: DefenseStorm allows you to programmatically script queries into ThreatMatch and access subscribed ThreatMatch threat feeds via a REST API. To begin using the ThreatMatch API, you must first copy or g...
  10. Gathering Data from Third-Party IT Systems

    This article provides links to third parties for device setup, as well as DefenseStorm-specific instructions to ensure data is gathered. CarbonBlack Defense | What: Anti-virus | Reference: https://github.com/DefenseStorm/cbdefenseEventLo...