Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Splunk

splunk

Sysmon, The B-sides: Event Codes That Might Not Get As Much Attention...Just In Time For BOTS!

Oct 6, 2021 By John Stoner In Splunk

For those who have played our Boss of the SOC competition or attended our security workshops, you are undoubtedly aware of Frothly, but in case you are not, here is a quick primer. Frothly is a fictional brewing supply company based in San Francisco who has successes and challenges, just like any other organization.

Read Post
splunk

Active Directory Discovery Detection: Threat Research Release, September 2021

Oct 4, 2021 By Splunk Threat Research Team In Splunk

The Splunk threat research team recently developed a new analytic story to help security operations center (SOC) analysts detect adversaries executing discovery and reconnaissance tasks within Active Directory environments. In this blog post, we’ll walk you through this analytic story, demonstrate how we can simulate these attacks using PoshC2 & PurpleSharp to then collect and analyze the resulting telemetry to test our detections.

Read Post
splunk

Investigating GSuite Phishing Attacks with Splunk

Sep 30, 2021 By Splunk Threat Research Team In Splunk

Malicious actors are constantly finding new ways to deliver their malicious payloads. With the recent migration of businesses moving to web application-based services, file storage, email, calendar, and other channels have become valuable means for delivering malicious code and payloads. In some instances, these services are abused as Command and Control infrastructure since many enterprises trust these services by default.

Read Post
splunk

Process Hunting with a Process

Sep 29, 2021 By Shannon Davis In Splunk

Quite often you are in the middle of a security incident or just combing through your data looking for signs of malicious activity, and you will want to trace the activity or relationships of a particular process. This can be a very time-consuming and frustrating task if you try to brute force things (copying/pasting parent and child process IDs over and over again). And in the heat of battle, you may miss one item that could have led you to something interesting.

Read Post

Splunk SOAR Feature Video: Case Management

Sep 27, 2021 By Splunk In Splunk
Case management functionality is built into Splunk SOAR. Using workbooks, you can codify your standard operating procedures into reusable templates. Splunk SOAR supports custom and industry standard workbooks such as the NIST-800 template for incident response. You can divide tasks into phases, assign tasks to team members, and document your work.
View Video

Splunk SOAR Feature Overview: Custom Functions

Sep 27, 2021 By Splunk In Splunk
Splunk SOAR’s custom functions allow you to share custom code across playbooks while introducing complex data objects into the execution path. These aren’t just out-of-the-box playbooks, but out-of-the-box custom blocks that save you time and effort. These capabilities provide the building blocks for scaling your automation, even to those without coding capabilities.
View Video
splunk

Splunk and DTEX Systems Leverage Human Telemetry and Zero Trust to Mitigate Insider Risks and Account Compromise

Sep 27, 2021 By Jane Wong In Splunk

What was once the thing of spy movies and industrial espionage news headlines is now, sadly, a common occurrence for public organizations and private enterprises around the globe. Insiders… employees, consultants, partners… have emerged as one of the most immediate and serious threats facing IT and cyber security teams and practitioners today. It is not however because every insider has turned malicious.

Read Post
Subscribe to Splunk

Copyright © 2024 OpsMatters™. All rights reserved.