First off, let me introduce myself.
My name is Jan,
I’ve recently joined a small, Dutch company in cyber security. At the moment we are looking into launching a “reporting service” to help SMB companies to up their security posture. We have found that the number one reason why SMBs do not do this is money. It’s simply too expensive. So we set out to change that.
We looked into using OSCTRL with OSQuery. This turned out to be a sad story since we’re no programmers, and this tooling needs lots of work still.
Then we looked into Wazuh. Well… this sucks! It’s free, but it’s also too big, too hard, too everything!
Then I came into DNIF, which looks good. I managed to easily install it, configure a winlogbeat… and then I got stuck…