Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Splunk

splunk

Speed: A Security Analyst's Best Friend

Feb 7, 2020 By John Dominguez In Splunk

In so many ways, speed is a security analyst’s best friend. From threat detection to containment to response – the faster you are, the more secure your business will be. It’s exactly why metrics like dwell time, MTTD (mean time to detect) and MTTR (mean time to respond) exist. It’s a barometer for the strength of your organization’s security, and a gauge of success for any good security team.

Read Post
splunk

Announcing the latest version of Security Monitoring for Splunk App

Jan 27, 2020 By Derek King In Splunk

It’s been a while since I have had the pleasure of announcing a new version of Security Monitoring (September 2018), but today I am doing just that. There is nothing better to inspire spending your evenings coding and playing with Splunk than your partner watching shows that just don’t interest you! For my UK friends, yes ‘Love Island’ is that show and for my more international friends "look it up!". So, what updates did I bring?

Read Post
splunk

Detecting CVE-2020-0601 Exploitation Attempts With Wire & Log Data

Jan 22, 2020 By Drew Church In Splunk

Editor’s note: CVE-2020-0601, unsurprisingly, has created a great deal of interest and concern. There is so much going on that we could not adequately provide a full accounting in a single blog post! This post focuses on detection of the vulnerability based on network logs, specifically Zeek as well as Endpoint. If you are collecting vulnerability scan data and need to keep an eye on your inventory of systems that are at risk, then check out Anthony Perez’s blog.

Read Post
splunk

CVE-2020-0601 - How to operationalize the handling of vulnerabilities in your SOC

Jan 20, 2020 By Matthias Maier In Splunk

Software vulnerabilities are part of our lives in a digitalized world. If anything is certain, it’s that we will continue to see vulnerabilities in software code! Recently the CVE-2020-0601 vulnerability, also known as CurveBall or “Windows CryptoAPI Spoofing Vulnerability”, was discovered, reported by the NSA and made headlines. The NSA even shared a Cybersecurity Advisory on the topic. Anthony previously talked about it from a public sector and Vulnerability Scanner angle.

Read Post
splunk

Using Splunk Attack Range to Test and Detect Data Destruction (ATT&CK 1485)

Jan 17, 2020 By Security Research Team In Splunk

Data destruction is an aggressive attack technique observed in several nation-state campaigns. This technique under MITRE ATT&CK 1485, describes actions of adversaries that may “..destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources. Data destruction is likely to render stored data irrecoverable by forensic techniques through overwriting files or data on local and remote drives”.

Read Post

SOCtails Episode 2 - Automate your Security Operations

Dec 3, 2019 By Splunk In Splunk
Kevin has the “alert fatigue”. He’s overwhelmed by too many security alerts, and he doesn’t have the resources or the time to investigate and respond to all of them. Jeff explains how automation from Splunk Phantom can help. And now, with Phantom on Splunk Mobile, you can automate security operations directly from your mobile phone.
View Video

Splunk Phantom

May 1, 2019 By Splunk In Splunk
If you work on a security team, you probably deal with a complex security infrastructure, including a range of technologies from multiple sources, in addition to limited resources to defend your organization. Fortunately, there’s a better way. Splunk Phantom — your go-to SOAR solution — comes to the rescue by integrating your team, processes and tools so you can bring your best defense forward in no time flat.
View Video
Subscribe to Splunk

Copyright © 2024 OpsMatters™. All rights reserved.