@C8H10N4OO
Last active Jul 12, 2019

Learning SecOps At Home

Using Your Home for Security Operations

  1. Get a router that can at least send syslog, then move on to more advanced features such as DPI, etc.
  2. Get logging set up
  • Raspberry Pi with syslog on it
  • Local Splunk server (500MB/day free) with the Splunk forwarder installed on the syslog server
  • Sumologic (500MB/day free) with SumoCollector installed on the syslog server

  Note: The reason not to send the logs directly to Splunk/Sumo is:
    • So that they're in a neutral place
    • Forensically sound
    • RAW retention and archiving policy
  3. Install an agent on your home machines and gather logs
  • Sumologic Collector for MacOS or Windows (easiest)
  • Splunk agent
  • Osquery
  4. Analyze your logs
  • Log in to Splunk/Sumo
  • Learn the syntax
  • Search and explore your network: IP addresses, DNS requests, sort by high AND low count (one-offs are interesting), make a map
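Before (or instead of) loading the raw files into Splunk/Sumo, the same "high and low count" exploration from step 4 can be done directly on the syslog files the Pi collects. The script below is an added example, not part of the gist: it parses a constructed set of router firewall lines and dnsmasq-style DNS query lines (the log formats, hostnames and IPs are assumptions chosen for the example), counts inbound blocked sources, outbound destinations, DNS names and DNS clients, and reports both the most common values and the one-offs that the step calls out as interesting. It also covers the DNS query logging mentioned under "More Advanced".

```python
import re
from collections import Counter

# Constructed sample syslog lines (not real traffic). They imitate what a
# Raspberry Pi syslog server might receive from a home router's firewall
# log and from a local dnsmasq resolver with query logging enabled.
SAMPLE_LOGS = """\
Jul 12 10:01:02 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=23
Jul 12 10:01:05 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=2323
Jul 12 10:02:11 router kernel: ACCEPT IN=br0 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.4 PROTO=TCP DPT=443
Jul 12 10:02:12 pi dnsmasq[812]: query[A] www.example.com from 192.168.1.20
Jul 12 10:02:40 pi dnsmasq[812]: query[A] www.example.com from 192.168.1.21
Jul 12 10:03:01 pi dnsmasq[812]: query[A] updates.example.net from 192.168.1.20
Jul 12 10:03:30 pi dnsmasq[812]: query[TXT] zq3x7k.example.org from 192.168.1.31
Jul 12 10:04:15 router kernel: ACCEPT IN=br0 OUT=eth0 SRC=192.168.1.31 DST=203.0.113.77 PROTO=TCP DPT=8443
Jul 12 10:04:16 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=22
"""

# Field patterns for the two assumed log formats above.
FW_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)")
DNS_RE = re.compile(r"query\[(?P<qtype>\w+)\] (?P<name>\S+) from (?P<client>\S+)")


def parse_lines(text):
    """Split raw syslog text into firewall records and DNS query records."""
    firewall, dns = [], []
    for line in text.splitlines():
        m = FW_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["action"] = "DROP" if " DROP " in line else "ACCEPT"
            firewall.append(rec)
            continue
        m = DNS_RE.search(line)
        if m:
            dns.append(m.groupdict())
    return firewall, dns


def count_field(records, field):
    """Count how often each value of one field appears (the 'sort by count' step)."""
    return Counter(r[field] for r in records)


def high_and_low(counter, n=3):
    """Return the n most common and the n least common (value, count) pairs."""
    ordered = counter.most_common()
    return ordered[:n], ordered[-n:][::-1]


def one_offs(counter):
    """Values seen exactly once: the rare events worth a second look."""
    return sorted(k for k, v in counter.items() if v == 1)


def summarize(text):
    """Build the per-field counters a first pass over home logs usually wants."""
    firewall, dns = parse_lines(text)
    dropped = [r for r in firewall if r["action"] == "DROP"]
    accepted = [r for r in firewall if r["action"] == "ACCEPT"]
    return {
        "inbound_drop_sources": count_field(dropped, "src"),
        "outbound_destinations": count_field(accepted, "dst"),
        "dns_names": count_field(dns, "name"),
        "dns_clients": count_field(dns, "client"),
    }


if __name__ == "__main__":
    for label, counter in summarize(SAMPLE_LOGS).items():
        top, bottom = high_and_low(counter)
        print(f"{label}: top={top} bottom={bottom} one-offs={one_offs(counter)}")
```

Point the script at a real file with `summarize(open("/var/log/syslog").read())` once the regexes are adjusted to your router's and resolver's actual formats; the structure (parse, count per field, look at both ends of the distribution) carries over to any log source.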

More Advanced:

  • Collect Netflow data
  • Setup home DNS server and log DNS queries
  • Setup an AWS or GCP account and learn how to collect logs from there.

Note: Not everything is free on AWS or GCP; beware of accruing charges. Contact support if you accidentally go over.
