StreamAlert & Phantom – Part 1

I’m going to continue with the osquery & StreamAlert scenario found here. I went ahead and created a StreamAlert output handler for Phantom: link. Phantom Configuration: the Phantom configuration is pretty straightforward. A “REST Asset” needs to be created in order for events to be consumed. 1. Define the asset name, product vendor, and product […]

osquery & StreamAlert – Part 1

I’ve recently come across some open source tools that relieve some of the burdens of security engineering. For many organizations, the traditional SIEM/logger infrastructure requires a significant amount of time, effort and expertise, resulting in an “infrastructure creep” that plagues many engineers. It’s not uncommon to find a dedicated engineer devoted to maintaining the architecture for […]