Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

March 2021

splunk

Splunk SOAR Playbooks: Conducting an Azure New User Census

Mar 31, 2021 By Philip Royer In Splunk

In January and February of 2021, the threat actor called Hafnium used a number of post-exploitation tools after gaining access to Exchange servers through a zero-day exploit. One of their persistence methods was creating new user accounts in the domain, giving them the ability to log back into the network using normal authentication rather than use a web shell or continue to re-exploit the vulnerability (which has since been patched).

Read Post
splunk

Automated Clean-up of HAFNIUM Shells and Processes with Splunk Phantom

Mar 26, 2021 By Shannon Davis In Splunk

If you haven’t been living under a rock for the past few weeks, you've probably come across the recent Microsoft Exchange Server vulnerabilities and its associated exploits.Stop!!! The first thing you should do is to go and patch any Exchange servers you may be running, then you can come back and finish reading this blog. Microsoft's blog provides links to various tools to help in this regard.

Read Post
splunk

Orchestrate Framework Controls to Support Security Operations with Splunk SOAR

Mar 18, 2021 By Kelly Huang In Splunk

Every security team should utilize security frameworks in their strategy and tactics to help reduce risk from common cybersecurity threats. Security frameworks guide organizations on how they should develop, build, and maintain their IT security policies and procedures while sharing best practices for meeting compliance requirements. Healthcare operations in particular are often presented with increasing regulatory scrutiny and obligations that must be met in order to be competitive.

Read Post
sumologic

Sumo Logic to accelerate modernization of security operations with proposed acquisition of DFLabs

Mar 10, 2021 By Greg Martin In Sumo Logic
At Sumo Logic, our belief is that security operations is no longer a human scale problem. We need tools and technologies to aid our defenders and responders to be able to process, investigate and respond at machine speed. Our vision for modernizing security operations to deal with threats at machine scale has always encompassed more than just SIEM.
Read Post
splunk

Splunk for OT Security V2: SOAR and More

Mar 10, 2021 By Ed Albanese In Splunk

In the last 90 days, the news of cyberattacks on critical infrastructure has been stunning. From the unprecedented breach represented by Sunburst to the more recent bone-chilling attack at the Oldsmar water facility, the urgency to secure critical infrastructure in transportation, utilities, energy, water, critical manufacturing, telecommunications, healthcare, government facilities and the defense sector has never been higher.

Read Post

Splunk SOAR Playbooks: Crowdstrike Malware Triage

Mar 9, 2021 By Splunk In Splunk
The combination of Crowdstrike and Splunk Phantom together allows for a more smooth operational flow from detecting endpoint security alerts to operationalizing threat intelligence and automatically taking the first few response steps – all in a matter of seconds. In this video, distinguished Phantom engineer Philip Royer will walk you through an out-of-the-box playbook that you can set up in Phantom to triage malware detections from Crowdstrike and automate a variety of responses based on an informed decision by an analyst.
View Video
splunk

Automating With Splunk Phantom: How Norlys Does It

Mar 1, 2021 By Olivia Courtney In Splunk

Some tasks are better off automated. Paying bills on time? Automated payments. Orchestrating a coordinated response to security alerts and triaging security events? There’s Splunk Phantom for that. Monotonous tasks, in our work and personal lives, should and can be automated in order to free up time and energy to focus on the things that matter.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.