If you’ve been following recent tech news, you’ll know that Windows 11 is one of the hottest topics right now. Most of the conversation has been focused on users of the Home version, as Microsoft tries to get the average consumer excited with hot new features and a fresh look. But what about enterprise users who won’t have a choice in whether they upgrade or not? How are they going to feel about Windows 11?
The Windows System Monitor (Sysmon) is one of the chattiest tools. With all the information coming in, it can be difficult and expensive to use it efficiently. However, the Graylog Illuminate package gives you a way to fine-tune it so that you can get better data and manage your ingestion rate better. Sysmon gives you awareness of what’s going on on your endpoints.
Looking to monitor your Windows systems with Icinga, but aren’t allowed to install non-Microsoft certified software on them? Then you are in the right place. After all, you want to monitor your systems somehow. But you don’t want to lose the support from MS afterwards, just because you installed a monitoring system on it. Well, today I will show you how to monitor your Windows systems without having to install the Icinga agent.
Windows has been a huge focus for Puppet since the beginning, and never more so than with our recent news that the whole suite of DSC Resources is now accessible through the Forge, all fully supported by Puppet. Puppet and Windows have always gone hand in hand, but it hasn’t always been plain sailing.
After months of developing and testing, we are finally ready to announce the release of our Icinga for Windows Hyper-V and Cluster plugins version 1.0 today! We collected lots of feedback, tested different approaches and re-designed some plugins to ensure we can provide good monitoring basics for these environments, allowing us to improve and extend them in the future.
Given the numerous cyber-threats that organizations face these days, security has become one of the most serious issues on everyone’s mind. When it comes to protecting business-critical environments from malware, various security measures can make a significant difference. Patching is one such important component of ensuring the security of your infrastructure and data.
In an earlier blog post, we spoke about building your own ProblemChild framework from scratch in the Elastic Stack to detect living off the land (LOtL) activity. As promised, we have now also released a fully trained detection model, anomaly detection configurations, and detection rules that you can use to get ProblemChild up and running in your environment in a matter of minutes.
This quick blog is the first in a two-part series discussing a userland Windows exploit initially disclosed by James Forshaw and Alex Ionescu. The exploit enables attackers to perform highly privileged actions that typically require a kernel driver.