
Open Source Incident Response Platform - Your SOC Needs This! 

Taylor Walton
29K views

Join me as we replace TheHIVE with DFIR-IRIS. The new open source Incident Response Platform!
Forgot to add a challenge flag in the video, so this week is an easy one :)
Flag: gvASDY63!
Blog: / your-open-source-incid...
Check Them Out: dfir-iris.org/
DFIR-IRIS Discord: / discord
🚩 CTF Challenge: ctf.socfortress.co/
📩 Contact Me: taylor.walton@socfortress.co
ℹ️ LinkedIn: / socfortressmdr
🧾 Our Blog: / socfortress
☕ Buy Me A Coffee: bit.ly/3woh21M
🚀 Security Operations Center as a Service: www.socfortress.co/
✅ Free For Life Tier: www.socfortress.co/trial.html
👨🏻‍💻 Professional Services: www.socfortress.co/ps.html
👾 Discord Channel: / discord
Series Playlist: • World's Best SIEM Stack

Category: Science

Published: 29 Jan 2023

Comments: 35
@rockdarko440 (1 year ago)
What I really enjoy about your content is that you don't only show solutions but really go in-depth in them and demonstrate how they apply in the real world. What would be really awesome is a video on the different solutions you go over on your channel and explain different ways they complement each other. Thanks again man!
@deepaknarayanan3619 (1 year ago)
Your videos are unique and extremely useful. Great content, please do continue with more SOC-related content. I'm a senior cybersecurity engineer and your videos help my team a lot. All the best, brother.
@user-um3sy6qj4c (1 year ago)
Thank you, very helpful information
@alimachiavelli8917 (1 year ago)
Good one @Taylor
@IvanCenturionGiles (1 year ago)
The tool looks very useful
@FreeSOC-de (1 year ago)
Hi Taylor, looks very interesting. Is it possible to archive closed cases to MISP, and is it directly usable for analysis with Cortex, or do I have to use Shuffle to interact between Wazuh, Cortex, MISP and DFIR-IRIS?
@logicbypass (1 year ago)
Hi, thx for the video, as always I enjoy your content! Do you know of any self-hosted solutions that are as complex as the Microsoft 365 Defender stack (Sentinel, MDE, MDI, MDO, MDC, MDCA, AAD, DLP, TIP, MDAV...)? Closer to the "Zero Trust" concept than "Network-Based Security". Thx.
@mmahrusqusaeri1326 (1 year ago)
Cool, I will try this.
@user-um3sy6qj4c (1 year ago)
Hopefully you will demonstrate how to create a customized Incident Report Template by using DFIR-IRIS. Thanks
@vector1one (1 year ago)
This is cool, I was looking for a TheHive replacement. Is there a tie-in for IntelOwl much like TheHive has Cortex?
@jaimev321 (6 months ago)
Thanks
@mauriciob3334 (1 year ago)
I think, knowing that Cortex is still open source, it would be nice to create a connection between IRIS and Cortex.
@EminKmmm (1 year ago)
awesome
@ithiou92 (1 year ago)
Great! This tool is very useful 👍👍 Can we integrate it with ELK?
@markverstappen1365 (1 year ago)
Great video!!! Could you also make a (step-by-step) video on how to get it working when someone is using Portainer as container management software? I can't get it to work due to the use of all the interconnected Dockerfiles and scripts. All the images need to be constructed, and then, in one docker-compose file without all the separate build steps, you can start them in Portainer under Stacks. But I could not get it to work 😞
@bdcirt6125 (1 year ago)
Nice tutorial :) How do I post the ElastAlert alerts from Praeco to IRIS?
@lucasvalentelima7331 (1 year ago)
Your terminal looks amazing! 😮 What software is it?
@MADhatter_AIM (1 year ago)
I want to know this also, I saw auto-complete etc...
@brokstine (9 months ago)
Termius
@da2ricky (8 months ago)
I was digging through comments to find this out myself
@cesars.3210 (24 days ago)
Hello, did you do a video about Shuffle automation with IRIS?
@ICanEatThat (1 year ago)
Does IRIS support multi-tenancy like TheHive? It would be so cool if it does.
@KimHalavakoski (10 months ago)
Yes it does.
@ak414414 (1 year ago)
Can ElastAlert send alerts to DFIR-IRIS?
@mkhalileng (9 months ago)
Thank you for your effort. Could you make a video for the latest version, 2.3? 😅
@erosonthekitchen (9 months ago)
Did you manage to install version 2.3? It doesn't work for me, it won't start on port 443, it keeps telling me that the website is sleeping.
@JorgeAntonioArca (1 year ago)
Hi, where do you get the events from?
@S0GE_KING (2 months ago)
How much memory do I need to allocate on the server for it?
@aramisdelacruz8879 (1 month ago)
Hello, has anyone here been able to generate automatic alerts once they match with MISP or some other threat intelligence tool, using Graylog for log management?
@kader8815 (2 months ago)
Can I use DFIR-IRIS without Docker?
@lyledocherty4356 (8 months ago)
Hi there, wondering if anyone would be able to assist me with something. I have had some struggles with DFIR-IRIS and getting it up and running, but I have now managed to get it working. However, when I try to find the admin password to sign into the portal it states: "WARNING :: post_init :: create_safe_admin :: >>> Administrator already exists". Wondering if anyone else had come across this and what they did to fix it. I can't seem to see a log of the admin password anywhere; I have checked the docker logs and still don't appear to see it, it just states "Administrator already exists". Any help is much appreciated.
@Soc-Analyst-Security (1 year ago)
How did you get the VirusTotal API key?
@ithiou92 (1 year ago)
On the VirusTotal platform, after creating an account, you can request the API key.
@DeadlyDragon_ (11 months ago)
Something to note for others who may see this: there is a rather small API limit for VirusTotal.