First Cyber Security Project

Published by harrisonjonesit.co.uk on

For my first real hands-on cyber security project, I decided to follow a guide on how to create a SIEM in Microsoft Azure.

I created a Windows 10 virtual machine and exposed it to the internet by turning off almost all of its firewall options, in order to collect as much data as possible from attacks once the machine went live.

The next part was the most complicated. I created a custom PowerShell script to extract metadata from Event Viewer and forward it to a third-party API to derive geolocation data (the attacker's location). I then configured custom logs in Azure's Log Analytics workspace to collect this geolocation data.

Finally, I configured Azure Sentinel to plot the global attack data from RDP brute-force attempts on a map, while also showing the magnitude of the attack attempts.
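To illustrate the collection step described above, here is an added example script (not the author's own script or the guide's) that reads failed logon events from the Security log, enriches the source IP through a geolocation API, and appends one line per attempt to a text file that a Log Analytics custom log can ingest. The API endpoint, the response field names (country, latitude, longitude) and the "key:value" line format are assumptions that must be matched to the API and custom log definition actually used; reading the Security log requires an elevated PowerShell session.

```powershell
# Added example, not the original project's script.
# Assumptions: $ApiUrl is a placeholder; the response fields country/latitude/
# longitude are assumed and must match the geolocation API used.

$ApiUrl  = "https://geo.example.invalid/json/"   # placeholder endpoint
$LogPath = "C:\ProgramData\failed_rdp.log"       # file the Log Analytics agent collects
$Seen    = @{}                                   # de-duplicate events by RecordId

# Private/reserved ranges are skipped: no public geolocation exists for them.
function Test-PublicIp([string]$ip) {
    return ($ip -match '^\d{1,3}(\.\d{1,3}){3}$') -and
           ($ip -notmatch '^(10\.|127\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|0\.|169\.254\.)')
}

while ($true) {
    # Event ID 4625 = failed logon; only look back one minute per pass
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625;
                                               StartTime = (Get-Date).AddSeconds(-60) } `
                           -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        if ($Seen.ContainsKey($e.RecordId)) { continue }
        $Seen[$e.RecordId] = $true

        # 4625's EventData carries the source address and the attempted user name
        $xml  = [xml]$e.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        $ip   = $data['IpAddress']
        $user = $data['TargetUserName']
        if (-not (Test-PublicIp $ip)) { continue }

        try {
            $geo = Invoke-RestMethod -Uri "$ApiUrl$ip" -Method Get -TimeoutSec 10
            $country, $lat, $lon = $geo.country, $geo.latitude, $geo.longitude
        } catch {
            # Keep the event even if enrichment fails, so no attempt is lost
            $country, $lat, $lon = 'unknown', '', ''
        }

        # One line per attempt; the custom log's parser splits on these key:value fields
        $ts = $e.TimeCreated.ToString('yyyy-MM-dd HH:mm:ss')
        Add-Content -Path $LogPath -Value "timestamp:$ts,sourcehost:$ip,username:$user,country:$country,latitude:$lat,longitude:$lon"
    }
    Start-Sleep -Seconds 1
}
```

Writing the attempted user name and source address to the log is what later lets Sentinel size each map marker by attempt count per source.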

Overall, this was a fun first project, despite being rather challenging due to my limited experience with PowerShell. However, my understanding of Sentinel and SIEMs in general helped get this one over the line.
