Case Studies
Customizing nodes of a lab
This tutorial aims at customizing nodes of a running lab by installing software or uploading data.
Testing DFIR artifact collection tooling
This case study focuses on testing forensic tools and procedures for DFIR (Digital Forensics and Incident Response) activities.
SOC analyst training with M&NTIS Platform
This tutorial outlines the process for implementing Labs to train SOC analysts using the M&NTIS Platform.
Monitoring and Integrations
Auditbeat
Auditbeat is Elastic's agent for monitoring audit logs on Linux.
Filebeat
Filebeat is an agent developed by Elastic for collecting and forwarding application logs.
Winlogbeat
Winlogbeat is an agent developed by Elastic for forwarding Windows Event logs.
Sysmon
Sysmon is a Windows system service that remains resident across system reboots to monitor and log system activity to the Windows event log.
Microsoft Azure
Azure Cloud is Microsoft's SIEM for log gathering and analysis; the Azure Monitor Agent sends its logs there.
Harfanglab
This EDR works on both Windows and Linux. Agents communicate with an external, pre-configured Hurukai SIEM.
SentinelOne
This EDR works on both Windows and Linux. Agents communicate only with an external, proprietary management console.
Wazuh
This open-source EDR works on both Windows and Linux. Agents communicate with a proprietary management console embedded in the lab.
Suricata
The Suricata network probe is integrated into the M&NTIS platform. It detects network attacks based on signatures.
Elastic Cloud
Elastic Cloud is a SIEM accessible in the Cloud. It is able to retrieve logs from the Logstash component.
Logstash
Logstash is a log collector used to transform, store or pass on the logs it receives.
Sekoia
This SIEM receives logs from the log collectors configured inside the lab, and can trigger alerts based on a catalog of detection rules.
Splunk
This SIEM receives logs from the Logstash component.
Collaborative embedded tools
Grist
Grist is a flexible tool that blends spreadsheets and databases for custom data management.
Etherpad
Etherpad is an open-source web-based tool for real-time collaborative text editing.
MISP
MISP is an open-source platform for sharing, storing, and correlating threat intelligence.
Openfire
Openfire is an open-source XMPP server for real-time messaging and group chat.