How Graylog Helps You Spot LockBit-Style Attacks Sooner

The DFIR Report recently detailed a LockBit ransomware intrusion that succeeded without advanced exploits or zero-day vulnerabilities. The attack relied on a stolen AnyDesk installer, credential reuse, and renamed PowerShell scripts that blended into routine activity. These moves were not sophisticated, but they were fast and effective. The end result: complete domain encryption.

Smart Logging Without the Price Trap

How much value are you really getting from your logs, and what are you giving up to stay on budget? In this episode of Logs and Lattes, host Palmer Wallace sits down with Seth Goldhammer, VP of Product Management at Graylog, for a candid conversation about the hidden cost of traditional SIEM pricing. Seth explains how ingest-based and resource-heavy licensing models pressure security teams into tough tradeoffs, such as dropping logs, tuning down detections, or limiting retention just to avoid budget overages.

Security Pipelines Are Broken. Here's How to Fix Them

There’s a quiet failure at the heart of many security programs. It’s not a lack of data. It’s too much of the wrong data. Telemetry pipelines built for volume, not visibility, now flood teams with noise instead of insight. The result? More alerts. Slower response. Overworked analysts are stuck maintaining ingestion rules instead of catching real threats.

The Value of a Robust Vulnerability Management Program

Back before live security video feeds in homes, people would walk around at night checking to make sure they locked every window and door. They took these precautions because they knew that a single open lock gave burglars an opportunity to steal from them. For organizations, vulnerability management programs are a way to lock the doors against cybercriminals.

Compliance vs Security: The Business Value of Alignment

Compliance is not, nor has it ever been, security. Compliance is the spellcheck of the security world. Security is the work that people do every day to implement, enforce, and monitor the controls that protect systems, networks, applications, devices, users, and data. Compliance is the process of reviewing security work to ensure that it functions as intended. Compliance is an important component of an organization’s security posture.

The Value Of Log Management For Building Reliable IT Infrastructures

Reliability is a non-negotiable requirement. Organizations of all sizes depend on stable systems to deliver services, protect data, and maintain customer trust. Behind the seamless performance of applications and networks lies a wealth of activity recorded in system logs. These logs, often overlooked, provide crucial insights into operations, performance, and security. Effective log management, meaning the collection, analysis, and monitoring of these records, is fundamental to building and maintaining a resilient IT infrastructure.

Cyber Attack Disrupts Airports Across Europe

When Heathrow, Brussels, and Berlin airports suffered a cyber attack that disrupted their check-in and baggage systems, the fallout was immediate. Flights were canceled, queues stretched through terminals, and staff scrambled to switch to manual processes. For some of Europe’s busiest hubs, this was more than an inconvenience. It was a reminder that disruption, not data theft, is often the attacker’s goal.

Splunk Enterprise Security: Built to Empower Every SOC Analyst

Security analysts work on the front lines, responsible for protecting organizations every hour of the day from all threats. Our mission has always been to empower the SOC with end-to-end visibility to focus on what matters most and act with clarity, context and speed to resolve any attack.