Aug 2023
SOCFortress Integrations.
SOCFortress Integrations — Cisco Secure EndPoint.
SOC as a Service Company
Prevention
Detection
Response
socfortress
Select YourService Plan
Free Tier
(Free Forever)
Platform: 1 user account.
No payment info required.
Unlimited Agents.
Storage: 5GB.
EPP: Windows Defender(*).
Alerting: Not Included.
Network Logs: Not Included.
Integrations: Not Included.
Threat Intel: Not Included.
Case Management: Not Included.
Start from$ 0 0 p/mo
Start Free Tier(*)Other EPP Integrarions NOT included.
Observability (Servers)
System Metrics Retention: 3 6 months
Platform
Access: Unlimited Unlimited users
EPDR
EndPoint Data retention: 60 Days 60 Days
EPP: Windows Defender(*) WithSecure EPP
EDR: All features All features
Network Logs
Log Data: $29.95/100GB $29.95/100GB
Integrations
Log data: $29.95/100GB $29.95/100GB
Alerting
Security Alerts: Included Included
Threat Intel
Security Feeds: Included Included
Case Management
Access: Not Included Included
Start from$ 4.95 8.95 p/endpoint/mo
Contact(*)Other EPP Integrations INCLUDED
Business
Enterprise
Prevention | Detection | Response.
Unify Cyber Risk Evaluation, Threat Intelligence and Security Orchestration, Automation, and Response (SOAR).
Built For SpeedPlatform Features
Rich Dashboards.
Analysis
Continuous Risk Assessment
SaaS
Case Management and Alerting.
Where Observability meetsSecurity
Service portal, dashboards, metrics and security events.
SOCFortress service portal is based on the visualization tool Grafana. After accessing the service portal with your credentials a landing page is loaded with metrics and events summaries. From here you can start evaluating monitoring metrics, infra logs, security events, etc.
EDR security events and security feeds.
Quick access to high severity events collected from your end-points and latest events gathered by our threat intel.
MITRE ATT&CK TTPs enrichment.
Security events include MITRE ATT&CK TTP information for better insights.
From Windows Event Logs to full telemetry on processes, network connections, and much more.
SOCFortress EDR covers prevention, detection and response. From the basics of Windows Event Logs to a full range of end-point telemetry and anomaly detection.
Network and Infra Logs
Effective security Analysis requires log collection from all available sources in your environmet. SOCFortress can collect logs from different network and security devices to obtain a complete view and insights for all your IT Infra.
0
Threat Intel - IoC Attributes0
Threat Intel - IoC Categories0
Threat Intel - ATPs0
Threat Intel - IoC TypesNewsLatest Entries
Aug 2023
SOCFortress Integrations.
SOCFortress Integrations — SentinelOne EndPoint Protection.
Aug 2023
SOCFortress Integrations.
SOCFortress Integrations — TrendMicro EndPoint Protection.
July 2023
SOCFortress Integrations.
SOCFortress Integrations — McAfee EndPoint Protection.
July 2023
SOCFortress Integrations.
SOCFortress Integrations — BitDefender EndPoint Protection.
July 2023
SOCFortress Integrations.
SOCFortress Integrations — CrowdStrike EndPoint Protection.
July 2023
SOCFortress Integrations.
SOCFortress Integrations — FortiGate BlockList, File Hashes.
July 2023
SOCFortress Integrations.
SOCFortress Integrations — CloudFlare.
June 2023
SOCFortress Integrations.
SOCFortress Integrations — Vulnerability Management using the Exploit Prediction Scoring System (EPSS).
May 2023
SOCFortress Integrations.
SOCFortress Integrations — Kaspersky EndPoint Protection.
Apr 2023
SOCFortress Integrations.
SOCFortress Integrations — Advanced Traffic Flow Analysis using Zeek.
FEBRUARY 2023
SOCFortress Stack Demo.
Enhancing Cybersecurity with Free Open Source Tools.
FEBRUARY 2023
Threat Intel.
Maximizing Threat Detection and Response with Cortex.
FEBRUARY 2023
SOCFortress.
Boost Your MSP to MSSP.
JANUARY 2023
SOCFortress.
Your Open-Source Incident Response Platform.
JANUARY 2023
SOCFortress.
Part 12. SIGMA rules for the OpenSource SIEM.
JANUARY 2023
SOCFortress.
Detect Malcious File Uploads With Wazuh and Yara.
JANUARY 2023
SOCFortress.
World’s Best FREE SIEM Stack Series Compilation.
JANUARY 2023
Threat Intel.
Part 11. Wazuh Events and MISP Automation.
DEC 2022
Threat Detection.
Detecting Abnormal Network Ports With Wazuh.
DEC 2022
Threat Intel.
Part 10. MISP Threat Intel.
DEC 2022
SOCFortress.
Part 9. Log Normalization.
NOV 2022
Threat Intel.
Part 8. Firewall Threat Intel With GreyNoise.
NOV 2022
SOCFortress.
Part 7. Firewall Log Collection Made Easy.
NOV 2022
SOCFortress.
Part 6. Best Open Source SIEM Dashboards.
NOV 2022
SOCFortress.
Part 5. Intelligent SIEM Logging.
OCT 2022
SOCFortress.
Part 4. Wazuh Agent Install —Endpoint Monitoring.
OCT 2022
SOCFortress.
Part 3. Wazuh Manager Install — Log Analysis.
OCT 2022
SOCFortress.
Part 2. Graylog Install — Log Ingestion.
OCT 2022
SOCFortress.
Part 1. Wazuh Indexer — SIEM Backend.
OCT 2022
SOCFortress.
Build Your Own SIEM Stack with Open Source Tools Series.
AUG 2022
SOCFortress.
Wazuh SIEM Integrations (III) — Microsoft Defender for Endpoint.
AUG 2022
SOCFortress.
FREE Wazuh Advanced Wazuh Detection Rules.
AUG 2022
Adversary Emulations.
SOCFortress Attack Simulator.
JULY 2022
Adversary Emulations.
Detecting APT29 With SOCFortress.
July 2022
Wazuh SIEM Integrations.
Wazuh SIEM Integrations (II) — WithSecure Elements EPP.
July 2022
Wazuh SIEM Integrations.
Wazuh SIEM Integrations (I) — Sophos Intercept X.
July 2022
ZuoRAT Malware.
ZuoRAT — Wazuh Detection Rules.
June 2022
Windows Registry Forensics.
Windows Registry Forensic Analysis using Chainsaw, Wazuh Agent and Sigma Rules.
June 2022
CVE-2022–26134.
CVE-2022–26134 — Zero-Day Exploitation of Atlassian Confluence.
June 2022
CVE-2022–30190.
Wazuh Detection Rules for MS RCE CVE-2022–30190, “Follina”.
May 2022
Web App Firewalls.
Enforcing Security in Web App Firewalls using Wazuh Active Response.
May 2022
Office 365.
OFFICE 365 — MITRE Enriched Events Using Wazuh Detection Rules.
May 2022
Incident Response.
FREE Incident Response With Velociraptor.
May 2022
Software Policy.
Monitoring Corporate Software Policies using Wazuh EDR and Sysmon.
May 2022
Observability and Security Monitoring in Containers.
Performance metrics, Vulnerability Analysis and Security Events.
April 2022
Data Exfiltration using ICMP (and how to detect it).
Exfiltration, as described in Mitre Tactic TA0010, consists of techniques adversaries may use to steal data from your network
April 2022
Understanding Wazuh Decoders.
Build custom decoders to ingest any type of log.
April 2022
CVE 2022–26809: MS-RPC VULNERABILITY.
Microsoft has fixed a new Windows RPC CVE-2022–26809 vulnerability that is raising concerns.
April 2022
Endpoint Install and User Credentials.
Installing the SOCFortress endpoint and accessing the SOCFortress platform.
April 2022
SOCFortress Platform.
Interacting With The SOCFortress Platform.
April 2022
Easiest SIEM Install.
Wazuh, Elasticsearch, Kibana, and Filebeat Docker Install.
April 2022
Adversary Simulations.
Adversary Emulations Using Mitre Caldera and Wazuh EDR, Part II: Discovery.
March 2022
DNS Traffic Insights.
DNS Traffic Insights using Domain Stats and Wazuh EDR.
March 2022
Sysinternals Part II.
Scanning and Analyzing Executable Files by their hash + VirusTotal.
March 2022
Adversary Simulations.
Adversary Simulations Using Mitre Caldera and Wazuh EDR, Part I: Executing the Beacon Payload.
March 2022
Sysinternals Part I.
Wazuh and Sysinternals Integration. Part I: Finding Persistent Footholds.
Feb 2022
SIEM - OpenCTI Integration.
Wazuh manager integration with OpenCTI for Threat Intel.
Feb 2022
Network Scans
How to run network scans integrated in your EDR agents.
Feb 2022
Detect Cobalt Strike Beacons
How to detect Cobalt Strike Beacons, commonly used in Ransomware attacks.
Feb 2022
Monitor your Wazuh Stack
How to gather system metrics and observability using Telegraf and InfluxDB.
Feb 2022
Enriching Login Attempts with Wazuh and AbuseIPDB
Know when when a known aggressive IP has attempted to SSH into one of your servers.
Feb 2022
The MITRE D3FEND Framework - Part I: HARDEN — PLATFORM HARDENING
Implementing and validating MITRE D3FEND Countermeasures using Wazuh EDR. Part I: HARDEN — PLATFORM HARDENING.
Feb 2022
The MITRE D3FEND Framework - Introduction
This is the first in a series of blog entries covering the MITRE D3FEND Framerowk.
Dec 2021
Log4j/Log4Shell
Learn about what's been defined as the worst zero day and remote exploit ever.
Dec 2021
SOAR with Shuffle
Security Process automation and Orchestration using the Open-Source Tool Shuffle.
Dec 2021
Finding vulnerable code in containers using SNYK
SNYK is a powerfull tool to find vulnerabilities in code and container images.
Dec 2021
Protect your Web Applications with active response
Reinforce your security posture by enabling kernel packet filtering in your WAF.
Dec 2021
Avoid email phishing attacks using threat intel
Phishing is often times the initial access techniques leveraged by attackers.
Dec 2021
The MITRE Att&ck Framework - Initial Access
This is the first in a series of blog entries covering the MITRE Att&ck Framerowk.