I hope you're all enjoying this series on Hunting with Splunk as much as we enjoy bringing it to you. This article discusses a foundational capability within Splunk — the eval command. If I had to pick a couple of Splunk commands that I would want to be stuck on a desert island with, the eval command is up there right next to stats and sort. (Part of our Threat Hunting with Splunk series, this article was originally written by John Stoner. We’ve updated it recently to maximize your value.)

Cybercriminals and threat actors use multiple vectors to infiltrate your IT network. They employ a series of coordinated steps as they… Impactful cyberattacks today are no longer executed as a simple virus with self-mutation capabilities, especially when many organizations rely on AI-enabled threat detection capabilities. They’re a lot more sophisticated.

In organizational risk management, Risk Tolerance and Risk Appetite are two fundamental concepts. These concepts are applied in areas such as business investing, decision making, cybersecurity risk management, and overall finance. While these concepts complement each other, they do have different meanings. A simple distinction is this: And there’s a bit more to it.

Known as RegEx (or gibberish for the uninitiated), Regular Expressions is a compact language that allows security analysts to define a pattern in text. When working with ASCII data and trying to find something buried in a log, regex is invaluable. But writing regular expressions can be hard. There are lots of resources to assist you: “But stop,” you say, “Splunk uses fields! Why should I spend time learning Regular Expressions?”

In today's digital landscape, organizations face increasingly sophisticated cyber threats that can compromise sensitive data, disrupt operations, and tarnish their reputation. To mitigate these risks, regulatory frameworks have been developed to ensure robust cybersecurity practices.

The COVID-19 pandemic has spurred a significant increase in the adoption of remote access, resulting in a substantial portion of the workforce transitioning to remote work. This requires employees to heavily rely on their employer’s virtual private network (VPN) to connect to their company's IT systems. This shift to working from home (WFH) is expected to continue well into the foreseeable future.

When you think about security, it's usually from external factors. We lock the doors to our homes and businesses, when we go to the gym our belongings are kept safe in locked lockers from theft, and our computers and phones have security measures in place to keep people out. Our focus is on external threats but the biggest danger can come from within — insider threats. Consider the classic thriller When a Stranger Calls.

NjRAT (also known as Bladabindi) malware is a Remote Access Trojan (RAT) that was first discovered in 2012. This malware strain has persisted in the threat landscape up to the present day, most recently earning notoriety for its active campaigns against agencies and organizations located in the Middle East and North Africa. Upon successful infiltration into a target host or system, NjRAT can allow the attacker to remotely access and exercise control over the compromised system.

As most folks who work in the US Federal Civilian space are aware, we are now past the August 2023 date to meet Enterprise Logging Level 3 (EL3) in support of the M-21-31 OMB Mandate. As part of the Advanced Requirements in EL3, Logging Orchestration, Automation, & Response enters Finalizing Implementation, meaning agencies should be completing and rolling out automated incident response playbooks.

Ever thought about what to do to prevent deadly insider attacks? Even with the implementation of intrusion prevention systems and antivirus software, these threats persist. And their cost has risen by 44% over the past two years. In 2023, insiders have been responsible for the unauthorized leakage of almost 1 billion records. Amid this adversity, user and entity behavior analytics (UEBA) has emerged as a modern enterprise security solution.