Truvis Thornton – Medium

Truvis Thornton

Pinned

Truvis Thornton

Part 2: Threat Detection Engineering and Incident Response with AuditD and Sentinel — Combine…

NOTE: This article is based off the following:

8 min read5 days ago

--

Part 2: Threat Detection Engineering and Incident Response with AuditD and Sentinel — Combine…

--

Pinned

Truvis Thornton

Part 1 : Threat Detection Engineering and Incident Response with AuditD and Sentinel — along how to…

NOTE: This article is based off the following and should be followed first:

4 min readMay 18, 2024

--

Part 1 : Threat Detection Engineering and Incident Response with AuditD and Sentinel — along how to…

--

Pinned

Truvis Thornton

Sending OPNSense Syslog, Suricata, and Firewall logs into CRIBL Stream with GEO IP Tagging with log…

OPNSense is a great open source firewall but it’s not the most supported in some cases when it comes to sending it’s logs into SIEMs. In…

5 min readJul 6, 2023

--

Sending OPNSense Syslog, Suricata, and Firewall logs into CRIBL Stream with GEO IP Tagging with log…

--

Pinned

Truvis Thornton

Commandline Auditing — Using different tools to security your Linux server and environments.

By deault Linux does not offer or have any commandline auditing or logging so you never know who did what, where, when and why. But there…

5 min readJul 6, 2023

--

1

Commandline Auditing — Using different tools to security your Linux server and environments.

--

1

Truvis Thornton

How To: Use UFW(Uncomplicated Firewall) and Send the logs to Sentinel and Parse with a function for…

UFW is basically a wrapper around IPTables so instead of having to remember how to build out IPTables, UFW makes the process simple…

6 min readMay 18, 2024

--

How To: Use UFW(Uncomplicated Firewall) and Send the logs to Sentinel and Parse with a function for…

--

Truvis Thornton

How to: Parsing AuditD Syslog in Microsoft Sentinel with a function and combining the events by Eve

These are some helpful links on how to understand AuditD and the log format.

6 min readMay 5, 2024

--

How to: Parsing AuditD Syslog in Microsoft Sentinel with a function and combining the events by Eve

--

Truvis Thornton

How-To Install and Setup: Azure Arc, (AMA) Azure Monitor Agent and (DCR) Data Collection Rules for…

With the retirement of Legacy Log analytics, this will go over the new way on how to send logs into Sentinel using Linux using Azure Arc…

5 min readMay 4, 2024

--

How-To Install and Setup: Azure Arc, (AMA) Azure Monitor Agent and (DCR) Data Collection Rules for…

--

Truvis Thornton

OpnSense Firewall Configuration: Allow remote OpenVPN connection in and access all services and…

Have you ever wanted to access your network on the go but not install cloud based applications that you don’t own or trust?

8 min readApr 21, 2024

--

OpnSense Firewall Configuration: Allow remote OpenVPN connection in and access all services and…

--

Truvis Thornton

How to: Create Windows XP Virtual Machine(VM) on Proxmox with Virt— for researching threats…

First you will need to find a Windows XP ISO (https://archive.org/search?query=windows+xp)

4 min readApr 19, 2024

--

How to: Create Windows XP Virtual Machine(VM) on Proxmox with Virt— for researching threats…

--

Truvis Thornton

How to: Proxmox — Creating a new Microsoft Windows VM with VirtIO drivers for performance

If you are coming from a VMWare envirnment, this guide will help you with spinning up Windows VMs with the best performance. By default…

5 min readApr 17, 2024

--

How to: Proxmox — Creating a new Microsoft Windows VM with VirtIO drivers for performance

--

Truvis Thornton

Truvis Thornton

🛡Cyber Defense Architect 🕵🏼‍♂️Threat Hunter/Researcher 👨🏻‍🔬Detection Engineer 👨🏻‍💻SIEM/SOAR/SOC 💡Follow for new ideas and solutions

Following

See all (9,441)

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams