SOAR

The latest News and Information on Security Orchestration, Automation and Response.

Splunk SOAR Playbooks: Azure New User Census

Apr 9, 2021 By Splunk In Splunk

Hafnium is the latest cyberattack that utilizes a number of post-exploitation tools after gaining access to Exchange servers through a zero-day exploit. One of their persistence methods was creating new user accounts in the domain, giving them the ability to log back into the network using normal authentication rather than use a web shell or continue to re-exploit the vulnerability (which has since been patched). Learn how you can use Splunk Phantom to automate account monitoring to ensure that threat actors are not exploiting vulnerabilities to access sensitive information through authenticated accounts.

View Video

Splunk

Read more about Splunk SOAR Playbooks: Azure New User Census

Taking Automation Beyond the SOC With Advanced Network Access Control

Apr 8, 2021 By Kelly Huang In Splunk

Security orchestration, automation and response (SOAR) tools are most commonly known for automating manual security operations processes in order to expedite security investigations or cyber response. For instance, Splunk’s SOAR technology, Splunk Phantom, is most commonly used to automate alert triage, phishing investigation and response, threat hunting and vulnerability management.

Read Post

Splunk

Read more about Taking Automation Beyond the SOC With Advanced Network Access Control

Splunk SOAR Playbooks: Conducting an Azure New User Census

Mar 31, 2021 By Philip Royer In Splunk

In January and February of 2021, the threat actor called Hafnium used a number of post-exploitation tools after gaining access to Exchange servers through a zero-day exploit. One of their persistence methods was creating new user accounts in the domain, giving them the ability to log back into the network using normal authentication rather than use a web shell or continue to re-exploit the vulnerability (which has since been patched).

Read Post

Splunk

Read more about Splunk SOAR Playbooks: Conducting an Azure New User Census

Automated Clean-up of HAFNIUM Shells and Processes with Splunk Phantom

Mar 26, 2021 By Shannon Davis In Splunk

If you haven’t been living under a rock for the past few weeks, you've probably come across the recent Microsoft Exchange Server vulnerabilities and its associated exploits.Stop!!! The first thing you should do is to go and patch any Exchange servers you may be running, then you can come back and finish reading this blog. Microsoft's blog provides links to various tools to help in this regard.

Read Post

Splunk

Read more about Automated Clean-up of HAFNIUM Shells and Processes with Splunk Phantom

Splunk SOAR Feature Video: Event Management

Mar 18, 2021 By Splunk In Splunk

Analysts are often overwhelmed with a large volume of security events. Phantom makes event management easy by consolidating all events from multiple sources into one place.

View Video

Splunk

Read more about Splunk SOAR Feature Video: Event Management

Splunk SOAR Feature Video: Main Dashboard

Mar 18, 2021 By Splunk In Splunk

Phantoms Main Dashboard provides an overview of all your data and activity, notable events, playbooks, connections with other security tools, workloads, ROI, and so much more.

View Video

Splunk

Read more about Splunk SOAR Feature Video: Main Dashboard

Splunk SOAR Feature Video: Playbooks

Mar 18, 2021 By Splunk In Splunk

Playbooks are the codification of your Security Operations (SecOps) plan. In practice, they’re high-level Python scripts that Phantom interprets in order to execute your mission.

View Video

Splunk

Read more about Splunk SOAR Feature Video: Playbooks

Orchestrate Framework Controls to Support Security Operations with Splunk SOAR

Mar 18, 2021 By Kelly Huang In Splunk

Every security team should utilize security frameworks in their strategy and tactics to help reduce risk from common cybersecurity threats. Security frameworks guide organizations on how they should develop, build, and maintain their IT security policies and procedures while sharing best practices for meeting compliance requirements. Healthcare operations in particular are often presented with increasing regulatory scrutiny and obligations that must be met in order to be competitive.

Read Post

Splunk

Read more about Orchestrate Framework Controls to Support Security Operations with Splunk SOAR

Sumo Logic to accelerate modernization of security operations with proposed acquisition of DFLabs

Mar 10, 2021 By Greg Martin In Sumo Logic

At Sumo Logic, our belief is that security operations is no longer a human scale problem. We need tools and technologies to aid our defenders and responders to be able to process, investigate and respond at machine speed. Our vision for modernizing security operations to deal with threats at machine scale has always encompassed more than just SIEM.

Read Post

Sumo Logic

Read more about Sumo Logic to accelerate modernization of security operations with proposed acquisition of DFLabs

Splunk for OT Security V2: SOAR and More

Mar 10, 2021 By Ed Albanese In Splunk

In the last 90 days, the news of cyberattacks on critical infrastructure has been stunning. From the unprecedented breach represented by Sunburst to the more recent bone-chilling attack at the Oldsmar water facility, the urgency to secure critical infrastructure in transportation, utilities, energy, water, critical manufacturing, telecommunications, healthcare, government facilities and the defense sector has never been higher.

Read Post