If I were to start a new job at a company and had one (security-related) wish, anything at all, I'd ask for a clear naming convention for all computers and servers. Additionally, I'd want DHCP and security logs to be stored centrally in a SIEM system.
That way, I could set up an alert for anything that stands out, such as devices with names that don’t follow the naming convention (but have requested an IP from the DHCP server), or logins or failed login attempts in the security logs coming from devices that, again, don't follow the naming convention.
As in the latest ransomware case, where the attacker used a hostname like WIN* - an instant red flag!
Sure, there are edge cases - such as people using personal devices - but we can address these by creating a whitelist or simply banning personal or edge-case devices from the network. I think this kind of monitoring could help detect intrusions very early on.
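As an added example (not part of the original post), here is the kind of rule described above run over a few constructed DHCP and security log lines: any lease or logon event whose hostname is neither on the whitelist nor matches the naming convention becomes an alert. The naming convention (SITE-ROLE-NNN), the whitelist entry and the log formats are assumptions for the example only.

```python
import re

# Assumed naming convention for this example: SITE-ROLE-NNN, e.g. AMS-WS-042 (workstation)
# or AMS-SRV-007 (server). Replace with the organisation's real scheme.
NAMING_CONVENTION = re.compile(r"^(AMS|LON)-(WS|SRV|LT)-\d{3}$", re.IGNORECASE)
# Approved edge-case devices that deliberately do not follow the convention (the whitelist).
ALLOWLIST = {"printer-lobby"}

# Assumed (constructed) log formats, normalised as a SIEM might store them:
#   DHCP:     "<ts> DHCPACK on <ip> to <mac> (<hostname>)"
#   Security: "<ts> EventID=<id> User=<user> Workstation=<hostname> Src=<ip>"
DHCP_LINE = re.compile(r"DHCPACK on (?P<ip>\S+) to (?P<mac>\S+) \((?P<host>[^)]*)\)")
SEC_LINE = re.compile(r"EventID=(?P<eid>\d+) User=\S+ Workstation=(?P<host>\S+) Src=(?P<ip>\S+)")
LOGON_EVENTS = {"4624": "logon-from-unknown-host", "4625": "failed-logon-from-unknown-host"}


def hostname_is_expected(host: str) -> bool:
    """True if the hostname is whitelisted or matches the naming convention."""
    return host.lower() in ALLOWLIST or NAMING_CONVENTION.match(host) is not None


def find_alerts(lines):
    """Return (alert_type, hostname, ip) for every event coming from a non-conforming host."""
    alerts = []
    for line in lines:
        m = DHCP_LINE.search(line)
        if m:
            # A lease with an empty hostname is just as suspicious as a wrongly named one.
            host = m["host"] or "<no hostname>"
            if not hostname_is_expected(host):
                alerts.append(("dhcp-lease-unknown-host", host, m["ip"]))
            continue
        m = SEC_LINE.search(line)
        if m and m["eid"] in LOGON_EVENTS and not hostname_is_expected(m["host"]):
            alerts.append((LOGON_EVENTS[m["eid"]], m["host"], m["ip"]))
    return alerts


# Constructed sample log lines (not real data).
SAMPLE_LOGS = [
    "2024-05-01T08:00:01 DHCPACK on 10.0.1.20 to aa:bb:cc:dd:ee:01 (AMS-WS-042)",
    "2024-05-01T08:00:05 DHCPACK on 10.0.1.21 to aa:bb:cc:dd:ee:02 (printer-lobby)",
    "2024-05-01T08:02:13 DHCPACK on 10.0.1.77 to aa:bb:cc:dd:ee:03 (WIN-K3J9QX1)",
    "2024-05-01T08:02:30 DHCPACK on 10.0.1.78 to aa:bb:cc:dd:ee:04 ()",
    "2024-05-01T08:03:00 EventID=4624 User=jdoe Workstation=AMS-WS-042 Src=10.0.1.20",
    "2024-05-01T08:03:40 EventID=4625 User=jdoe Workstation=WIN-K3J9QX1 Src=10.0.1.77",
    "2024-05-01T08:03:41 EventID=4624 User=svc_backup Workstation=WIN-K3J9QX1 Src=10.0.1.77",
]

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOGS):
        print(*alert)
```

The conforming workstation and the whitelisted printer produce nothing; the WIN-* host and the nameless lease each raise an alert as soon as they touch DHCP or the security log.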