SEC44‐Log Hunting - ConnorEast/Tech-Journal GitHub Wiki
This assignment requires the use of UTMStack for the purpose of searching and analyzing log files. Logs are often the best-known starting point for attack triage. UTMStack is an XDR (Extended Detection & Response) tool with built-in SIEM (Security Information and Event Management) capabilities. This assignment requires the following steps:
- Step 1: Access UTMStack and subsidiary tool documentation.
- Step 2: Set up UTMStack.
- Step 3: Create UTMStack rules.
- Step 4: Show the contents required in the Deliverables section.
It seems like as of now, there are no free trials allowed on the UTMStack downloads page. This account that is being used is my school account and I only just created the account. As such, it's not an issue with usage or previous downloads. You might be able to install it straight from the GitHub.
1. Provide the direct link to the documentation for UTMStack.
   https://documentation.utmstack.com/v10/Getting%20started/introduction
2. Provide a link to the documentation for creating rules with UTMStack.
   https://documentation.utmstack.com/v10/correlation%20rules/customizable_rules
3. Provide a link to their GitHub repository.
   https://github.com/utmstack/UTMStack
4. When you log in to the demo, take a screenshot of the:
   4.a. "Alerts" page
   4.b. "Incidents" page
   4.c. "Log explorer" page
   4.d. "Integrations" page
   4.e. RAM and Disk Usage
5. Locate the "Correlation Rules" and then find the Windows rule under "System" for "clearing_windows_event_logs.yml" and take a screenshot.
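The correlation rule in step 5 exists because an attacker who has gained access often clears the Windows event logs to cover their tracks, and Windows itself records that action: the Security log writes Event ID 1102 ("The audit log was cleared") and the System log writes Event ID 104 when a log is cleared, both from the Microsoft-Windows-Eventlog provider. The following is an added example, not code from UTMStack or from the assignment, showing the kind of detection logic such a rule expresses, run over a few constructed JSON log lines. The field names (`channel`, `event_id`, `provider`, `host`, `user`, `time`) are assumptions about how a log forwarder might shape the records, not UTMStack's schema, and the matching is deliberately strict on channel, event ID and provider so that unrelated events with the same numeric ID do not fire.

```python
import json
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample records (not real telemetry), shaped like JSON lines a
# Windows log forwarder might emit. Field names are an assumption for this
# example, not UTMStack's schema. The last line is deliberately malformed to
# show that a bad record must not abort the hunt.
SAMPLE_LOG_LINES = [
    '{"channel": "Security", "event_id": 4624, "provider": "Microsoft-Windows-Security-Auditing", '
    '"host": "WS01", "user": "alice", "time": "2024-05-01T09:12:00Z"}',
    '{"channel": "Security", "event_id": 1102, "provider": "Microsoft-Windows-Eventlog", '
    '"host": "WS01", "user": "alice", "time": "2024-05-01T09:15:30Z"}',
    '{"channel": "System", "event_id": 104, "provider": "Microsoft-Windows-Eventlog", '
    '"host": "SRV02", "user": "SYSTEM", "time": "2024-05-01T10:01:05Z"}',
    '{"channel": "System", "event_id": 7036, "provider": "Service Control Manager", '
    '"host": "SRV02", "user": "SYSTEM", "time": "2024-05-01T10:02:00Z"}',
    'not valid json at all',
]

# Windows event IDs that record a log being cleared. Keyed on channel,
# event ID and provider together: event ID numbers are only unique per
# provider, so matching on the bare number would be a false-positive source.
LOG_CLEAR_SIGNATURES = {
    ("Security", 1102, "Microsoft-Windows-Eventlog"): "Security audit log cleared",
    ("System", 104, "Microsoft-Windows-Eventlog"): "System event log cleared",
}


@dataclass(frozen=True)
class Alert:
    """One finding, carrying the context an analyst needs for triage."""
    name: str
    severity: str
    host: str
    user: str
    time: str
    channel: str
    event_id: int


def parse_record(line: str) -> Optional[dict]:
    """Parse one JSON log line; return None for lines that are not usable."""
    try:
        record = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(record, dict):
        return None
    try:
        # Some forwarders emit event_id as a string; normalise to int.
        record["event_id"] = int(record.get("event_id"))
    except (TypeError, ValueError):
        return None
    return record


def match_log_clear(record: dict) -> Optional[Alert]:
    """Return an Alert if the record is a Windows log-clearing event."""
    key = (record.get("channel"), record.get("event_id"), record.get("provider"))
    name = LOG_CLEAR_SIGNATURES.get(key)
    if name is None:
        return None
    return Alert(
        name=name,
        severity="high",          # log clearing is a defence-evasion indicator
        host=str(record.get("host", "unknown")),
        user=str(record.get("user", "unknown")),
        time=str(record.get("time", "")),
        channel=key[0],
        event_id=key[1],
    )


def hunt(lines: Iterable[str]) -> List[Alert]:
    """Run the detection over a stream of log lines, skipping unparseable ones."""
    alerts = []
    for line in lines:
        record = parse_record(line)
        if record is None:
            continue
        alert = match_log_clear(record)
        if alert is not None:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in hunt(SAMPLE_LOG_LINES):
        print(f"[{alert.severity}] {alert.name}: host={alert.host} user={alert.user} "
              f"at {alert.time} ({alert.channel}/{alert.event_id})")
```

Run against the constructed lines it reports two findings, one per host, and silently skips the malformed line. In a real SIEM the same signature table would be expressed as a YAML correlation rule and the forwarder's own field names would replace the assumed ones, but the shape of the check (channel plus event ID plus provider, never the bare number) is what keeps the rule from paging on unrelated events.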