Signing GMail Messages with the Estonian eID PKI Card (Part 1)

After reading several articles about the Estonian eID, such as this one: "I’m now an Estonian e-resident, but I still don’t know what to do with it" it becomes clear that there needs to be a bit more use cases around the eID ecosystem. Cyrus Farivar (the author of the above article) already mentions how he used … Continue reading Signing GMail Messages with the Estonian eID PKI Card (Part 1)

Advertisements

Common operations using Estonian eID (Linux)

Assumptions: Using Ubuntu with OpenSC Installation Tip: Make sure to have installed OpenSC from source, rather than using the Ubuntu repositories (in other words, follow the instructions here [1] rather than using apt-get install opensc). This is necessary to avoid the "failed: Invalid arguments Decrypt failed: Invalid arguments " error as outlined in this OpenSC … Continue reading Common operations using Estonian eID (Linux)

Using Let’s Encrypt manual mode

Let's Encrypt is a service sponsored by web giants such as Facebook, Google Chrome, and Cisco (https://letsencrypt.org/). Let's Encrypt has recently gone into public beta and is extremely easy to use. It has some modules already built in to integrate directly with popular webservers like Apache. In my case, I had two use cases where … Continue reading Using Let’s Encrypt manual mode

ELK : exporting to CSV

Note: the following requires the "jq" json parser, available from: http://stedolan.github.io/jq/ 1. Run the desired query through the Kibana WebUI 2. Expand the additional options pane by clicking on the arrow underneath the graph as indicated in the below screenshot: 3. Select “Request” and copy the request displayed: 4. Open a linux terminal and use the … Continue reading ELK : exporting to CSV

AlienVault ELK Integration

In the last couple of blog posts[1][2] we've been exploring how to use the ELK stack as a forensic logging platform. We also had a couple of posts on deploying some AlienVault features [3][4]. In this post we explore a quick and easy way to integrate between the two systems. Apart from the flexible querying … Continue reading AlienVault ELK Integration

AlienVault: Adding a logger to a distributed deployment

There has been some confusion about how exactly to add a dedicated logger appliance to an AlienVault distributed deployment, that is, a setup where server roles (SIEM server, database, loggers, sensors, etc) are hosted on separate servers. It's not very well documented so here goes (with many thanks to AlienVault Support for providing the information): The configuration … Continue reading AlienVault: Adding a logger to a distributed deployment

Building a Logging Forensics Platform using ELK (Elasticsearch, Logstash, Kibana)

During a recent project we were required to build a "Logging Forensics Platform", which is in essence a logging platform that can consume data from a variety of sources such as windows event logs, syslog, flat files and databases. The platform would then be used for queries during forensic investigations and to help follow up … Continue reading Building a Logging Forensics Platform using ELK (Elasticsearch, Logstash, Kibana)