Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2021

Splunk SOAR Feature Video: Contextual Action Launch

Splunk SOAR apps have a parameter for action inputs and outputs called "contains". These are used to enable contextual actions in the Splunk SOAR user interface. A common example is the contains type "ip". This is a powerful feature that the platform provides, as it allows the user to chain the output of one action as input to another.

Splunk SOAR Feature Video: Configure Third Party Tools

To get started in Splunk SOAR, you will need to configure an asset. Assets are the security and infrastructure assets that you integrate with the Splunk SOAR platform, like firewalls and endpoint products. Splunk SOAR connects to these assets through apps. Apps extend the platform by integrating third-party security products and tools.

Detecting SeriousSAM CVE-2021-36934 With Splunk

SeriousSAM or CVE-2021-36934 is a Privilege Escalation Vulnerability, which allows overly permissive Access Control Lists (ACLs) that provide low privileged users read access to privileged system files including the Security Accounts Manager (SAM) database. The SAM database stores users' encrypted passwords in a Windows system. According to the Microsoft advisory, this issue affects Windows 10 1809 and above as well as certain versions of Server 2019.

Splunk SOAR Feature Video: Custom Functions

Splunk SOAR’s custom functions allow shareable custom code across playbooks and the introduction of complex data objects into the playbook execution path. These aren’t just out-of the-box playbooks, but out-of-the-box custom blocks that save you time and effort. This allows for centralized code management and version control of custom functions providing the building blocks for scaling your automation, even to those without coding capabilities.

Onboarding Data in Splunk Security Analytics for AWS

Splunk Security Analytics for AWS’ new data onboarding wizard quickly takes you from subscribing to the service to visualizing your AWS environment. We’ll walk through the wizard in this video, and you’ll see how the new process can save you hours, days or even weeks when compared to traditional data onboarding processes.

Get Started with Splunk for Security: Splunk Security Essentials

Continuing to ride the waves of Summer of Security and the launch of Splunk Security Cloud, Splunk Security Essentials is now part of the Splunk security portfolio and fully supported with an active Splunk Cloud or Splunk Enterprise license. No matter how you choose to deploy Splunk, you can apply prescriptive guidance and deploy pre-built detections from Splunk Security Essentials to Splunk Enterprise, Splunk Cloud Platform, Splunk SIEM and Splunk SOAR solutions.

Demystifying the Hype Around XDR

Extended Detection and Response (XDR) has generated a lot of buzz recently with press, analysts, and even customers. There’s no denying that, at face value, its promise of reduced complexity and cost while increasing detection and response is alluring. As security teams look to modernize their security tooling, they’re also looking for solutions to some of their largest challenges. Is XDR the answer? What is XDR, exactly, and how do you determine if it’s right for your organization?

Five Questions Your Organization Must Ask to Prepare For a Ransomware Attack

Since last week, I’ve been speaking with Splunk customers and our own team about the cyberattacks impacting the Kaseya software platform. While Splunk was not impacted by the ransomware attack, as a security leader we want to help the industry by providing tools, guidance and support. It’s critical that we work together as a community to counter cybersecurity threats and share information about events like these.

Splunk Named a Leader in the 2021 Gartner SIEM Magic Quadrant for the Eighth Time

Splunk was named a Leader for the eighth consecutive time this week in the Gartner Magic Quadrant for Security Information and Event Management (SIEM)*. In our opinion, this recognition marks one of the longest running recognitions in the history of the SIEM market. The recognition comes on the heels of Splunk also being ranked No.

Kaseya, Sera. What REvil Shall Encrypt, Shall Encrypt

When Splunk told me we would have a “breach holiday” theme for the summer, I didn’t think it would be quite so on the nose… For those of you who have been working on this Kaseya REvil Ransomware incident over the weekend, I salute you. We’ve been doing the same. As usual, my team here at Splunk likes to make sure that we have some actionable material before posting a blog, and this time is no different.

Fashionably Late: The Zero Trust Trend is Here to Stay

I have often joked that IT, and in particular cybersecurity, is like fashion — not a lot is ever new, just reimagined and, in some cases, improved. As I sit pondering the beauty of my COVID-19 comb-over mullet, I have found myself thinking about how this fashion analogy applies to zero trust.

I Pity the Spool: Detecting PrintNightmare CVE-2021-34527

On Monday, June 21st, Microsoft updated a previously reported vulnerability (CVE-2021-1675) to increase its severity from Low to Critical and its impact to Remote Code Execution. On Tuesday, June 29th, a security researcher posted a working proof-of-concept named PrintNightmare that affects virtually all versions of Windows systems. Yesterday, July 1, Microsoft assigned this flaw a new CVE, CVE-2021-34527.