
Logging

Take a SIP: A Refreshing Look at Subject Interface Packages

As defenders, we need to keep pace with many different aspects of the attack surface. On Windows, that attack surface seems to extend beyond our grasp everywhere we look, especially once we start digging into trust and the registry. As previously outlined in the Splunk Threat Research Team’s blog, "From Registry With Love: Malware Registry Abuses," the methods adversaries use to persist in and abuse the Windows registry run deep.

JFrog Log Analytics with Datadog just got better!

The software supply chain today runs differently than it did just five years ago. The number of tools, languages, and packages in use has exploded. Further, the growing mix of OSS packages puts organizations at risk of outdated software, untracked dependencies, and non-compliant licenses. To add to the chaos, teams are now more distributed and greater in number. All of this dramatically increases the number of inputs to the software supply chain.

Coffee Talk with SURGe: 2023-NOV-28 NCSC 2023 Review, ENISA Report, Netherlands Cyber Assessment

Grab a cup of coffee and join Ryan Kovar, Kirsty Paine, and Floris Ladan for a special EMEA edition of Coffee Talk with SURGe. The team from Splunk will compare highlights and similarities across recent cyber threat reports, including: Ryan and Floris also competed in a 60 second charity challenge to explain the importance of red teaming.

Getting Your Daily Security News Into Graylog

For as long as I can remember, I have started my day off by reading various security news sites to figure out what I need to be aware of and any new trends that are being spotted. I used to do this on my phone while commuting, and now I work from home, but I still follow this routine, and that got me thinking, why not feed Graylog with this information?

See Falcon Fusion in Action

Breach containment is a race against time. Falcon Fusion, integrated within the CrowdStrike Falcon® Platform, harnesses AI and automation to expedite incident detection and response. Experience how Falcon Fusion streamlines security workflows, enabling teams to take down threats 108 days quicker on average, providing a swift and strategic defense that keeps adversaries at bay.

Using eval to Calculate, Appraise, Classify, Estimate & Threat Hunt

I hope you're all enjoying this series on Hunting with Splunk as much as we enjoy bringing it to you. This article discusses a foundational capability within Splunk — the eval command. If I had to pick a couple of Splunk commands that I would want to be stuck on a desert island with, the eval command is up there right next to stats and sort. (Part of our Threat Hunting with Splunk series, this article was originally written by John Stoner. We’ve updated it recently to maximize your value.)

Multi-Stage Attacks & How To Detect Them

Cybercriminals and threat actors use multiple vectors to infiltrate your IT network. They employ a series of coordinated steps as they… Impactful cyberattacks today are no longer executed as a simple virus with self-mutation capabilities, especially when many organizations rely on AI-enabled threat detection capabilities. They’re a lot more sophisticated.

Risk Tolerance vs. Risk Appetite Explained

In organizational risk management, Risk Tolerance and Risk Appetite are two fundamental concepts. These concepts are applied in areas such as business investing, decision making, cybersecurity risk management, and overall finance. While these concepts complement each other, they do have different meanings. A simple distinction is this: And there’s a bit more to it.

Using RegEx for Threat Hunting (It's Not Gibberish, We Promise!)

Known as RegEx (or gibberish to the uninitiated), regular expressions are a compact language that lets security analysts define a pattern in text. When working with ASCII data and trying to find something buried in a log, regex is invaluable. But writing regular expressions can be hard. There are lots of resources to assist you: “But stop,” you say, “Splunk uses fields! Why should I spend time learning regular expressions?”
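As an added illustration, not code from the original article or from Splunk, the block below shows the hunting pattern the teaser describes: a named-group regex that pulls structured fields (user, source IP, result) out of unstructured SSH auth-log text, followed by a count of failed logins per source address. The log lines are constructed sample data, and the alert threshold of two failures is an assumption chosen for the example.

```python
import re
from collections import Counter

# Constructed sample log lines for the example; not taken from any real system.
SAMPLE_LOGS = [
    "Nov 28 09:12:01 host1 sshd[1042]: Failed password for invalid user admin from 203.0.113.7 port 50212 ssh2",
    "Nov 28 09:12:03 host1 sshd[1042]: Failed password for root from 203.0.113.7 port 50214 ssh2",
    "Nov 28 09:12:05 host1 sshd[1050]: Accepted publickey for deploy from 198.51.100.23 port 41022 ssh2",
    "Nov 28 09:12:09 host1 sshd[1061]: Failed password for root from 203.0.113.7 port 50220 ssh2",
    "Nov 28 09:13:40 host1 sshd[1077]: Failed password for invalid user test from 192.0.2.44 port 60002 ssh2",
]

# Named groups turn a free-text sshd message into fields. The optional
# "invalid user " prefix is consumed (not captured) so the user group holds
# only the account name in both the valid and invalid cases.
SSH_AUTH = re.compile(
    r"sshd\[(?P<pid>\d+)\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from "
    r"(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)"
)


def parse_auth_events(lines):
    """Return one dict of extracted fields per line that matches SSH_AUTH.

    Lines that do not match (noise, other daemons) are silently skipped,
    which is what you want when hunting through a mixed syslog stream.
    """
    events = []
    for line in lines:
        match = SSH_AUTH.search(line)
        if match:
            events.append(match.groupdict())
    return events


def failed_logins_by_source(lines, threshold=2):
    """Count failed authentications per source IP and keep sources at or
    above the threshold. The threshold is an assumed tuning value."""
    failures = Counter(
        event["src_ip"]
        for event in parse_auth_events(lines)
        if event["result"] == "Failed"
    )
    return {ip: n for ip, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    for event in parse_auth_events(SAMPLE_LOGS):
        print(f"{event['result']:8} {event['user']:8} from {event['src_ip']}")
    print("Noisy sources:", failed_logins_by_source(SAMPLE_LOGS))
```

The point of the named groups is that the same expression serves both as a search filter and as a field extractor, which is exactly what a SIEM does behind the scenes when it presents you with "fields". Anchoring the pattern on the literal `sshd[` prefix keeps it from matching look-alike text elsewhere in the line, and the IP group is deliberately loose (it accepts `999.1.1.1`) because the goal here is extraction from trusted daemon output, not validation of untrusted input.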