Unleash Network Protection: Empower Your Security with SOCFortress’s Free Monitoring Solution

SOCFortress
5 min read · May 20, 2023


Whether you’re looking to monitor your home network and endpoints, a hobbyist, or a small business owner, the SOCFortress Free Trial is an ideal solution for you.

Intro

At SOCFortress, we believe security should be accessible to everyone. That’s why we’re proud to harness the power of Open Source tools to offer a comprehensive security solution. With the integration of advanced Wazuh Rules, SIGMA rules, and integration with the SOCFortress Threat Intel API, you can trust SOCFortress to help you identify and swiftly detect malicious activity, protecting your digital assets.

🚀 As you embark on your SOCFortress Free Trial, it’s important to be aware of the following limitations that we’ve put in place to ensure a streamlined experience:

1️⃣ Maximum of 5GB of ingested data

2️⃣ Limited to endpoint monitoring only; for firewall ingestion, kindly contact us at info@socfortress.co

3️⃣ Access restricted to one user account

4️⃣ Excludes advanced features such as Case Management and Incident Response

5️⃣ No support for third-party integrations

Within these boundaries, feel empowered to leverage the capabilities of the SOCFortress Free Trial. We are dedicated to providing you with robust security measures and assisting you on your journey towards a safer digital environment. Let’s secure our networks together! 💪

❗ This is a new service and thus anyone who previously had a free trial will need to reregister.

REGISTER HERE!

Make sure to check out our training videos built directly into your platform!

🤨 What The Hell Am I Installing?

Welcome to the mysterious world of software installations, where you find yourself contemplating the age-old question: “What the hell am I installing?” The SOCFortress EDR agent is composed of Open Source tools that work together to collect full endpoint telemetry.

Windows

Below we will detail the endpoint software that is deployed onto Windows hosts and each component’s importance.

Wazuh-Agent

The Wazuh-Agent collects logs and events from various sources on the Windows endpoints where it is installed, including system logs, application logs, and security event logs. The agent provides real-time monitoring of system events, network traffic, and user activity. It can detect and alert on suspicious activity and potential security incidents, such as failed login attempts, account lockouts, and malware infections. The Wazuh-Agent also integrates with Sysmon, a powerful system monitoring tool for Windows, which collects detailed information about system activity, including process creation, file creation, and network connections.

Sysmon

One of the richest sources the Wazuh-Agent collects from is Sysmon, a system monitoring tool developed by Microsoft that provides detailed information about system activity on Windows endpoints. It is designed to detect advanced threats and surface suspicious behavior that traditional security tools may miss. Sysmon monitors many kinds of system activity, including process creation, network connections, file creation, and registry modifications, among others. It generates detailed logs that can be analyzed to identify potential security incidents and provide real-time visibility into system activity.

Sigcheck

Sigcheck is a command-line utility from the Sysinternals suite of tools developed by Microsoft that allows users to scan and verify the digital signatures of files on a Windows system. It can be used to identify unsigned files, detect files with invalid signatures, and verify the authenticity of signed files.

LogonSessions

LogonSessions is a command-line utility from the Sysinternals suite of tools developed by Microsoft that provides detailed information about user logon sessions on a Windows system. It can be used to identify active user sessions, including the user name, logon time, authentication package, and other details.

Autoruns

Autoruns is a powerful utility from the Sysinternals suite of tools developed by Microsoft that provides a comprehensive view of all the programs and processes that are configured to run automatically on a Windows system. It can be used to identify and manage autostart programs, services, drivers, and other components that may impact system performance or pose security risks.

Chainsaw

Chainsaw allows us to bring Sigma detection rules into the SIEM stack. The Chainsaw executable is deployed onto every Windows endpoint and is invoked every five minutes. On each run, Chainsaw loads the Windows Event Viewer logs and analyzes them against the Sigma rules provided by SigmaHQ (https://github.com/SigmaHQ/sigma).

Note: Only High and Critical severity Sigma rules are loaded during execution.
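To make the Chainsaw step above concrete, here is a toy Sigma-style evaluator written for this post (it is not Chainsaw's or SOCFortress's code): it keeps only high- and critical-severity rules, as the note describes, and hunts with them over constructed Sysmon process-creation and Security failed-logon events. The rule titles, event fields and values are all constructed assumptions modelled on the Sigma YAML layout and Windows event fields.

```python
# Toy Sigma-style evaluator (added example, not Chainsaw's or SOCFortress's code); constructed data.
RULES = [  # mirror the Sigma YAML layout: title / level / detection / condition
    {"title": "Encoded PowerShell Command Line", "level": "high",
     "detection": {"selection": {"Image|endswith": "\\powershell.exe",
                                 "CommandLine|contains": ["-enc", "-EncodedCommand"]},
                   "condition": "selection"}},
    {"title": "Whoami Execution", "level": "medium",
     "detection": {"selection": {"Image|endswith": "\\whoami.exe"}, "condition": "selection"}},
    {"title": "Failed Logon From Remote Source", "level": "critical",
     "detection": {"selection": {"EventID": 4625},
                   "filter": {"IpAddress": ["127.0.0.1", "::1", "-"]},
                   "condition": "selection and not filter"}},
]
EVENTS = [  # constructed Sysmon process-creation (EventID 1) and Security failed-logon (4625) events
    {"EventRecordID": 1, "EventID": 1, "CommandLine": "powershell.exe -nop -w hidden -enc <base64-placeholder>",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"},
    {"EventRecordID": 2, "EventID": 1, "Image": "C:\\Windows\\System32\\whoami.exe", "CommandLine": "whoami /all"},
    {"EventRecordID": 3, "EventID": 4625, "TargetUserName": "admin", "IpAddress": "10.0.0.25"},
    {"EventRecordID": 4, "EventID": 4625, "TargetUserName": "bob", "IpAddress": "-"},
]
LOADED_LEVELS = {"high", "critical"}  # the only severities the post says Chainsaw loads

def load_rules(rules, levels=LOADED_LEVELS):
    return [r for r in rules if r.get("level") in levels]  # severity filter applied before hunting

def field_matches(event, key, expected):
    """One 'Field|modifier: value(s)' pair; Sigma compares case-insensitively."""
    field, _, modifier = key.partition("|")
    actual = str(event.get(field, "")).lower()  # a missing field never matches a non-empty value
    wanted = [str(w).lower() for w in (expected if isinstance(expected, list) else [expected])]
    if modifier == "":
        return actual in wanted  # plain equality against any listed value
    if modifier == "contains":
        return any(w in actual for w in wanted)
    if modifier == "endswith":
        return any(actual.endswith(w) for w in wanted)
    raise ValueError(f"unsupported modifier: {modifier}")

def rule_matches(event, rule):
    """Supports '<sel>' and '<sel> and not <filter>'; fields inside a block are ANDed."""
    det, cond = rule["detection"], rule["detection"]["condition"].split()
    block = lambda name: all(field_matches(event, k, v) for k, v in det[name].items())
    hit = block(cond[0])
    if cond[1:3] == ["and", "not"]:
        hit = hit and not block(cond[3])
    return hit

def hunt(events, rules):
    """Return (rule title, EventRecordID) for every event that fires a loaded rule."""
    return [(r["title"], e["EventRecordID"]) for e in events for r in rules if rule_matches(e, r)]
```

Running `hunt(EVENTS, load_rules(RULES))` fires on events 1 and 3 only: the medium-severity whoami rule is never loaded, and the local failed logon (event 4) is removed by the rule's filter block.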

Linux

Below we will detail the endpoint software that is deployed onto Linux hosts and each component’s importance.

Wazuh-Agent

The Wazuh-Agent monitors Linux systems in real-time, collects system and application logs, detects and alerts on suspicious activities, and provides centralized visibility into the security posture of Linux hosts. Similar to the Windows hosts, the Wazuh-Agent integrates with other endpoint detection software to gather further telemetry that the Wazuh-Agent lacks.

Osquery

Osquery collects a wide range of system and application information, such as running processes, open network connections, installed software, system logs, and more. This rich telemetry data can be used to monitor and track system activity, detect potential threats, and identify vulnerabilities that need to be addressed.

Packetbeat

Packetbeat is an open-source network packet analyzer and monitoring tool. Packetbeat works by capturing network traffic at the packet level, analyzing the packets in real time, and logging all network traffic to a .json file. It can be used to monitor various types of network traffic, including HTTP, DNS, FTP, and more.

Get Started Today

Whether you’re a small business owner, a hobbyist, or someone wanting to secure their home network, SOCFortress is here to empower you. With our user-friendly interface (suggestions welcome 😅), powerful features, and comprehensive security measures, getting started is a breeze. Simply sign up for our free trial, and within minutes, you’ll be on your way to safeguarding your digital assets and gaining valuable insights.

REGISTER HERE


Written by SOCFortress

SOCFortress is a SaaS company that unifies Observability, Security Monitoring, Threat Intelligence and Security Orchestration, Automation, and Response (SOAR).
