Prevention
Detection
Response
socfortress
Platform: 1 user account.
No payment info required.
Unlimited Agents.
Storage: 5GB.
EPP: Windows Defender(*).
Alerting: Not Included.
Network Logs: Not Included.
Integrations: Not Included.
Threat Intel: Not Included.
Case Management: Not Included.
Start from$ 0 0 p/mo
Start Free Tier(*)Other EPP Integrarions NOT included.
System Metrics Retention: 3 6 months
Access: Unlimited Unlimited users
EndPoint Data retention: 60 Days 60 Days
EPP: Windows Defender(*) WithSecure EPP
EDR: All features All features
Log Data: $29.95/100GB $29.95/100GB
Log data: $29.95/100GB $29.95/100GB
Security Alerts: Included Included
Security Feeds: Included Included
Access: Not Included Included
Start from$ 4.95 8.95 p/endpoint/mo
Contact(*)Other EPP Integrations INCLUDED
Prevention | Detection | Response.
Unify Cyber Risk Evaluation, Threat Intelligence and Security Orchestration, Automation, and Response (SOAR).
SOCFortress service portal is based on the visualization tool Grafana. After accessing the service portal with your credentials a landing page is loaded with metrics and events summaries. From here you can start evaluating monitoring metrics, infra logs, security events, etc.
Quick access to high severity events collected from your end-points and latest events gathered by our threat intel.
Security events include MITRE ATT&CK TTP information for better insights.
SOCFortress EDR covers prevention, detection and response. From the basics of Windows Event Logs to a full range of end-point telemetry and anomaly detection.
Effective security Analysis requires log collection from all available sources in your environmet. SOCFortress can collect logs from different network and security devices to obtain a complete view and insights for all your IT Infra.
Enhancing Cybersecurity with Free Open Source Tools.
Maximizing Threat Detection and Response with Cortex.
Boost Your MSP to MSSP.
Your Open-Source Incident Response Platform.
Part 12. SIGMA rules for the OpenSource SIEM.
Detect Malcious File Uploads With Wazuh and Yara.
World’s Best FREE SIEM Stack Series Compilation.
Part 11. Wazuh Events and MISP Automation.
Detecting Abnormal Network Ports With Wazuh.
Part 10. MISP Threat Intel.
Part 9. Log Normalization.
Part 8. Firewall Threat Intel With GreyNoise.
Part 7. Firewall Log Collection Made Easy.
Part 6. Best Open Source SIEM Dashboards.
Part 5. Intelligent SIEM Logging.
Part 4. Wazuh Agent Install —Endpoint Monitoring.
Part 3. Wazuh Manager Install — Log Analysis.
Part 2. Graylog Install — Log Ingestion.
Part 1. Wazuh Indexer — SIEM Backend.
Build Your Own SIEM Stack with Open Source Tools Series.
Wazuh SIEM Integrations (III) — Microsoft Defender for Endpoint.
FREE Wazuh Advanced Wazuh Detection Rules.
SOCFortress Attack Simulator.
Detecting APT29 With SOCFortress.
Wazuh SIEM Integrations (II) — WithSecure Elements EPP.
Wazuh SIEM Integrations (I) — Sophos Intercept X.
ZuoRAT — Wazuh Detection Rules.
Windows Registry Forensic Analysis using Chainsaw, Wazuh Agent and Sigma Rules.
CVE-2022–26134 — Zero-Day Exploitation of Atlassian Confluence.
Wazuh Detection Rules for MS RCE CVE-2022–30190, “Follina”.
Enforcing Security in Web App Firewalls using Wazuh Active Response.
OFFICE 365 — MITRE Enriched Events Using Wazuh Detection Rules.
FREE Incident Response With Velociraptor.
Monitoring Corporate Software Policies using Wazuh EDR and Sysmon.
Performance metrics, Vulnerability Analysis and Security Events.
Exfiltration, as described in Mitre Tactic TA0010, consists of techniques adversaries may use to steal data from your network
Build custom decoders to ingest any type of log.
Microsoft has fixed a new Windows RPC CVE-2022–26809 vulnerability that is raising concerns.
Installing the SOCFortress endpoint and accessing the SOCFortress platform.
Interacting With The SOCFortress Platform.
Wazuh, Elasticsearch, Kibana, and Filebeat Docker Install.
Adversary Emulations Using Mitre Caldera and Wazuh EDR, Part II: Discovery.
DNS Traffic Insights using Domain Stats and Wazuh EDR.
Scanning and Analyzing Executable Files by their hash + VirusTotal.
Adversary Simulations Using Mitre Caldera and Wazuh EDR, Part I: Executing the Beacon Payload.
Wazuh and Sysinternals Integration. Part I: Finding Persistent Footholds.
Wazuh manager integration with OpenCTI for Threat Intel.
How to run network scans integrated in your EDR agents.
How to detect Cobalt Strike Beacons, commonly used in Ransomware attacks.
How to gather system metrics and observability using Telegraf and InfluxDB.
Know when when a known aggressive IP has attempted to SSH into one of your servers.
Implementing and validating MITRE D3FEND Countermeasures using Wazuh EDR. Part I: HARDEN — PLATFORM HARDENING.
This is the first in a series of blog entries covering the MITRE D3FEND Framerowk.
Learn about what's been defined as the worst zero day and remote exploit ever.
Security Process automation and Orchestration using the Open-Source Tool Shuffle.
SNYK is a powerfull tool to find vulnerabilities in code and container images.
Reinforce your security posture by enabling kernel packet filtering in your WAF.
Phishing is often times the initial access techniques leveraged by attackers.
This is the first in a series of blog entries covering the MITRE Att&ck Framerowk.
