The Elastic Infosec Detections and Analytics team is responsible for building, tuning, and maintaining the security detections used to protect all Elastic systems. Within Elastic we call ourselves Customer Zero and we strive to always use the newest versions of our products.

The Splunk Threat Research Team (STRT) most recently began evaluating more ways to generate security content using native Windows event logging regarding PowerShell Script Block Logging. This method provides greater depth of visibility as it provides the raw (entire) PowerShell script output. There are three sources that may enhance any defender's perspective: module, script block and transcript logging.

To remain competitive in the digital age, organizations frequently introduce new hardware devices and software installations to their IT environments. The problem is that these assets might suffer from vulnerabilities that attackers could misuse, if unpatched, to change a device’s configuration or make unauthorized modifications to some of the organization’s important files.

The Office of Management and Budget’s memo mandates a maturity model for event log management, sets agency implementation requirements, and establishes government-wide responsibilities. Fortunately, Splunk solutions can help agencies comply with the new mandates.

Does your Splunk app integrate with a third-party service or API? If so, that service might require your app’s users to authenticate using a secret. You can securely store and retrieve secrets in an app using the capabilities of the Splunk platform.

Can you recall exactly how good or bad your vision was following your last eye exam? Most of us can’t. A casual poll around the office showed that many people focus only on whether our eye doctor says we need an updated prescription for glasses or contacts. Often, we walk away with a new script but without a clear understanding of our overall eye health, i.e., whether our eyesight got better or worse since the previous visit.