![\"\"](\"https:\/\/cyberlorenzo.tech\/wp-content\/uploads\/2022\/04\/Screenshot-47-2-1024x399.png\")
<\/figure>\n\n\n\n<\/p>\n\n\n\n
From this page I selected the monitor option in order to configure the instance we will be using<\/p>\n\n\n\n <\/p>\n\n\n\n Here I am capable of monitoring various types of log files along with systems health performance.<\/p>\n\n\n\n I selected Local Event Logs since I am using a pre-configured lab that has event logs downloaded on the local machine already<\/p>\n\n\n\n I am specifically looking for PowerShell and Sysmon logs but I noticed that they are not listed in the “Available items” drop down menu. To fetch the logs I need I will navigate over to the <\/p>\n\n\n\n As you can see, there are a plethora of logs we can choose from now. I suggest using the <\/p>\n\n\n\n <\/p>\n\n\n\n The Event log collections has successfully been configured to my needs, now I will upload the the log files from the local machine and run some basic search filters <\/p>\n\n\n\n <\/p>\n\n\n\n What you are looking at here is essentially just a default search that tells us how many total events we have in this instance<\/p>\n\n\n\n <\/p>\n\n\n\n If I would like to specify a certain source or source type I would just specify that in the spacebar like so<\/p>\n\n\n\n <\/p>\n\n\n\n Now for a more practical example of how to use the search feature, we are going to query some failed password attempts by entering This reveals some pretty alarming information to me. There are 84 failed password attempts from various different types of IP addresses. <\/p>\n\n\n\n Lets talk about Sigma rules. The platform uncoder.io allows its users to translate rulesets from one SIEM platform to another. Sigma rules themselves are essentially just baseline rulesets that all of the SIEM’s have in common. This is highly effective when sharing detection methods and eliminates vendor lock-in<\/p>\n\n\n\n As demonstrated below, the sigma rule is selected and then translated into whichever SIEM query language you need to search the log files<\/p>\n\n\n\n![\"\"](\"https:\/\/cyberlorenzo.tech\/wp-content\/uploads\/2022\/04\/Screenshot-49-1-1024x400.png\")
<\/figure>\n\n\n\nSettings > Data Inputs <\/mark><\/code><\/p>\n\n\n\n![\"\"](\"https:\/\/cyberlorenzo.tech\/wp-content\/uploads\/2022\/04\/Screenshot-50-1-1024x1022.png\")
<\/figure>\n\n\n\nCTRL + F<\/mark><\/code> keys to search quickly for the types of logs you may be searching for.<\/p>\n\n\n\n![\"\"](\"https:\/\/cyberlorenzo.tech\/wp-content\/uploads\/2022\/04\/Screenshot-52-1024x371.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/cyberlorenzo.tech\/wp-content\/uploads\/2022\/04\/Screenshot-53-1.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/cyberlorenzo.tech\/wp-content\/uploads\/2022\/04\/Screenshot-54-1024x568.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/cyberlorenzo.tech\/wp-content\/uploads\/2022\/04\/Screenshot-55-1.png\")
<\/figure>\n\n\n\n* \"failed password events for sneezy\"<\/mark><\/code><\/p>\n\n\n\n![\"\"](\"https:\/\/cyberlorenzo.tech\/wp-content\/uploads\/2022\/04\/Screenshot-59-1024x927.png\")
<\/figure>\n\n\n\nSigma Rules – Threat Detection Sharing<\/h3>\n\n\n\n
![\"\"](\"https:\/\/cyberlorenzo.tech\/wp-content\/uploads\/2022\/04\/Screenshot-63-1024x661.png\")
<\/figure>\n\n\n\n