The inbox - overflowing with promotional offers, updates that interest no one, and other cries for attention. Just like mailboxes the inbox is overflowing with junk mail. Labels, filters, and countless third-party tools attempt to categorize incoming mail and bring important messages to the front.

I’m not an expert in reverse engineering or threat intelligence. I spend my days as a security analyst trying to make sense of things I don’t know much about. Those things might be a system admin setting up a new application or it could be a multi-stage malware attack. In one case it was the latter.

As a security analyst for a major MSSP, I use the fancy expensive tools for work. OpenSOC showcases the power of some awesome open source tools that many people have never used. Here are some things I learned by having access to data that’s normally hidden behind an API or totally inaccessible and features not included in large platforms.

Sometimes I have a casual personal project where I just want to get the logs into something where I can easily run queries and create visualizations. The popular content packs on the Graylog Marketplace seem to be deprecated or designed for the NGINX Docker container. This guide will get NGINX logs forwarding to Graylog in just a few minutes. Security and reliability are not guaranteed.

Here’s how to run Docker on Windows 10 and connect it to the Windows Subsystem for Linux (WSL) CLI.