
Incident Analysis with ELK Kibana | HTTP Logs Analysis | TryHackMe ItsyBitsy

Feb 25, 2024

We covered cyber incident analysis with the ELK stack (Elasticsearch and Kibana). We analyzed HTTP logs pulled from a compromised Windows machine communicating with a C2 server. This was part of the TryHackMe ItsyBitsy room.

Challenge Description

During normal SOC monitoring, Analyst John observed an alert on an IDS solution indicating potential C2 communication from the user Browne in the HR department. A suspicious file was accessed containing a malicious pattern THM:{ ________ }. A week's worth of HTTP connection logs has been pulled to investigate. Due to limited resources, only the connection logs could be pulled, and they have been ingested into the connection_logs index in Kibana.

Full writeup is here.

Video Transcript
