New Articles

  1. SQL Audit Logging

    Overview This article explains how to successfully ingest SQL Server events (at both the server and database level) to the DefenseStorm GRID. This provides users with applicable technical controls for monitoring activity on mission critical datas...
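As an added example of the technique this article title names (not code taken from the article, whose text is only excerpted here), the following T-SQL creates a SQL Server audit, a server-level audit specification and a database-level audit specification, and then verifies that all three are enabled. The audit and specification names, the target database name YourDatabase, the audited schema dbo and the choice of the Windows Application log as the audit destination are assumptions; substitute whatever the full article prescribes for ingestion into DefenseStorm GRID.

```sql
-- Added example: SQL Server Audit at both the server and database level.
-- Names, the destination (APPLICATION_LOG) and the database are assumptions.
USE master;
GO

-- 1. The audit object defines where events go. ON_FAILURE = CONTINUE keeps
--    the instance running if the log cannot be written; use FAIL_OPERATION
--    or SHUTDOWN where losing audit records is not acceptable.
CREATE SERVER AUDIT DefenseStorm_Audit
    TO APPLICATION_LOG
    WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO

-- 2. Server-level specification: logins, role changes and tampering
--    with the audit configuration itself.
CREATE SERVER AUDIT SPECIFICATION DefenseStorm_ServerSpec
    FOR SERVER AUDIT DefenseStorm_Audit
    ADD (FAILED_LOGIN_GROUP),
    ADD (SUCCESSFUL_LOGIN_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),
    ADD (AUDIT_CHANGE_GROUP)
    WITH (STATE = ON);
GO

-- 3. The audit is created disabled; turn it on after the specification exists.
ALTER SERVER AUDIT DefenseStorm_Audit WITH (STATE = ON);
GO

-- 4. Database-level specification for the database being protected
--    (YourDatabase is an assumed name): role and schema changes plus all
--    DML against the dbo schema by any principal.
USE YourDatabase;
GO
CREATE DATABASE AUDIT SPECIFICATION DefenseStorm_DbSpec
    FOR SERVER AUDIT DefenseStorm_Audit
    ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP),
    ADD (SCHEMA_OBJECT_CHANGE_GROUP),
    ADD (SELECT, INSERT, UPDATE, DELETE ON SCHEMA::dbo BY public)
    WITH (STATE = ON);
GO

-- 5. Verification: every row should report is_state_enabled = 1.
SELECT name, is_state_enabled FROM sys.server_audits;
SELECT name, is_state_enabled FROM sys.server_audit_specifications;
SELECT name, is_state_enabled FROM sys.database_audit_specifications;
GO
```

Writing to the Application log requires the SQL Server service account to be allowed to write event log entries; if the verification shows the audit enabled but no events arrive, check that permission and the Windows Event Log channel before troubleshooting the forwarding side.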
  2. Alert Inbox Playbook

    Overview The plays and procedures in this playbook give you insight into how the DefenseStorm TRAC Team monitors your alerts. You can also perform these plays on any triggers created internally by your team.  *Please leave all TR...
  3. User Manual

    Welcome to DefenseStorm Put simply, DefenseStorm is a network security system for financial institutions. We monitor for suspicious activity, alert you when it's found, and work with you to stop any potential attacks and prevent them from...
  4. Internal NTP Server Configuration

    Overview NTP servers are essential to the proper functioning of the internet and all linked computer systems. The public NTP server associated with your DefenseStorm Virtual Machine synchronizes time on all your systems to assist with accurate log ...
  5. Firewall Ports

    Firewall Port Table Table of both inbound and outbound network ports for the DVM and Windows Agent.   Direction Port / Protocol Purpose DVM Outbound 80 / TCP;  HTTP OS Updates (Ubuntu) 123  / TCP, UDP ...
  6. Community Integrations

    Overview This article provides integration scripts to ingest log data from cloud-based services into DefenseStorm GRID via the DVM. This list of community integrations will continue to grow based on customer requirements, requests, and DefenseStorm...
  7. DefenseStorm Markdown Language Quicksheet

    Using Markdown Language For Formatting DefenseStorm allows you to add markdown to Notes using a modified version of GitHub markdown language. This document describes commonly used markdown codes. For a full description of the syntax please refer to...
  8. Exchange Audit Logging

    Overview Exchange audit logging must be set up at the mailbox level and is outside the scope of this document. Please refer to help that is available from Microsoft for setting up Exchange Audit Logging. Verification To v...
  9. Common Auditor Requests

    Overview What to do when you get a request from an auditor This playbook provides examples of common requests you may get from auditors, the corresponding FFIEC statements & GRID features, and exactly what action is required by you to prove ...
  10. Installing Security Onion w/ BRO

    Overview What is Security Onion? Security Onion (SO) is a Linux distribution for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xpli...